The user activity report helps you understand the scope of user activities in your vRealize Operations instance, such as when users logged in, actions they took on clusters and nodes, changes they made to system passwords, when they activated certificates, and when they logged out.

Where You Audit User Activity

To audit user activity, from the left menu, click Administration, and then click the Audit tile. The activities that users performed in the environment appear on the page.

Table 1. User Activity Audit Actions
Option Description


Download the user activity audit information to a report in PDF or XLS format.


Configure the settings to send the user activity log to an external syslog server to meet security auditing requirements.
  • Output log to external syslog server. When selected, vRealize Operations sends the log to a separate server machine.
  • IP Address or Host Name. Identification for the syslog server.
  • Port. vRealize Operations port used to send the audit information to the external server.

Date Range

Display the list of user activities performed in the past based on a selected number of hours, days, weeks, months, or years, or between two specific dates and times.

Starting Line

Indicates the starting line of the file . 0 is for the first line. -1 or no value indicates that the file has to be displayed from the end.

Number of Lines

Specifies the number of lines to be displayed in the search result. For example: If you want to see the first 10 occurrences of a particular chunk of text, enter the number of lines as 10 and the starting line as 0.


Filters the data according to User ID, User Name, Auth Source, Session, Client IP, Category, and Message.