VMware Auditing Overview
The VMware Knowledge Pack expands the auditing and reporting capabilities of InTrust to VMware vCenter, ESX and ESXi.
You can audit the following in your virtual environments:
- Allocation of resources
- Management of security settings
- Status indicator changes
These capabilities help ensure that you can easily avoid denial-of-service situations in production-critical virtual environments.
Setup
Requirements
Components
Installation
Requirements
For details about the versions of VMware environments that InTrust can audit, see the following topics:
Components
Auditing of VMware virtual environments is achieved by installing the VMware vCenter and ESX/ESXi Knowledge Pack. The Knowledge Pack contains the following InTrust objects:
- Data sources:
- VMware vCenter events
- VMware ESX and ESXi events
- Sites:
- Microsoft Windows Network\VMware vCenter Servers
- Unix Network\VMware ESX and ESXi Servers
- Gathering policies:
- Microsoft Windows Network\VMware vCenter
- Unix Network\VMware ESX and ESXi
- Import policies:
- Windows Network\VMware vCenter
- Unix Network\VMware ESX and ESXi
- Tasks:
- VMware vCenter weekly event collection
- VMware ESX and ESXi weekly event collection
The Knowledge Pack also includes reports:
- Virtual machine startups and shutdowns
- Virtual machine reconfigurations
- Virtual machine snapshot activity
- Virtual machine creations and deletions
- VMware All Events
- VMware ESX Configuration Changes
- VMware Permission Changes
- VMware User Logon and Logoff
