Audit logging of network traffic, compliance alerts, firewall activity, operating system changes, and provisioning activities is considered a best practice for maintaining the security of any IT environment. In addition, logging is a specific requirement of many regulations and standards.
One of the first steps to take for ensuring that you are aware of changes to your infrastructure is to audit your environment. By default, vSphere includes tools that enable you to view and track changes. For example, you can use the Tasks and Events tab in the vSphere Client on any object in your vSphere hierarchy to see what changes have occurred. You can also use the PowerCLI to retrieve events and tasks. In addition, VMware Aria Operations for Logs offers audit logging to support collection and retention of important system events. Finally, many third-party tools are available that provide vCenter Server auditing.
Log files can also help determine who or what is accessing a host, a virtual machine, and so on. For more information, see ESXi Log File Locations.