Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
127 views1 page

VMware Auditing Quick Reference Guide

This document provides information on auditing events in a VMware environment using vCenter Server, vSphere Client, and PowerCLI. It lists some common VMware events like VM power on/off, account changes, and permissions changes. It also describes how to view events in the vCenter Events view, vSphere Events view, and through PowerCLI commands like Get-VIEvent to retrieve events from the past 120 days filtered by event type and time range. The document promotes a free trial of Netwrix Auditor for comprehensive event monitoring and visibility into all VMware environment activity.

Uploaded by

FIRAT
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
127 views1 page

VMware Auditing Quick Reference Guide

This document provides information on auditing events in a VMware environment using vCenter Server, vSphere Client, and PowerCLI. It lists some common VMware events like VM power on/off, account changes, and permissions changes. It also describes how to view events in the vCenter Events view, vSphere Events view, and through PowerCLI commands like Get-VIEvent to retrieve events from the past 120 days filtered by event type and time range. The document promotes a free trial of Netwrix Auditor for comprehensive event monitoring and visibility into all VMware environment activity.

Uploaded by

FIRAT
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Quick Reference Guide

VMware Auditing
VMware vCenter Server 4.1-6.0

VCenter Events View


Common VMware
Events:
 Run vSphere Web Client on your vCenter server > Navigate to  VmPoweredOffEvent – VM powered
“Events” Tab > Event Console will open where you can find all off
events happened with your virtual machines  VmPoweredOnEvent – VM powered
on

vSphere Events View VmSuspendedEvent – VM
suspended
 AccountCreatedEvent – Account
 Run vSphere Client on your computer > Select a Host > Navigate to created
“Events” Tab > “Event Console” will open where you can find all  AccountRemovedEvent – Account
removed
events happened with your virtual environment
 AccountUpdatedEvent – Account
updated

PowerCLI Events View  EnteredMaintenanceModeEvent –


Entered maintenance mode
 ExitMaintenanceModeEvent – Exit
 Run VMware PowerCLI connect to your vCenter using command: maintenance mode
 Connect-VIServer –server servername  PermissionAddedEvent –
Permission added
 Execute command Get-VIEvent  PermissionRemovedEvent –
 You can get more information by executing: Get-Help Get-VIEvent Permission removed
 You can specify parameters by adding the monitored event from  PermissionUpdatedEvent –
Permission updated
the Common VM Events list into this script (save this script in txt  UserLoginSessionEvent – User login
file with .ps1 extension) and run this script in PowerCLI console:  UserLogoutSessionEvent – User
Get-VIEvent -Start (Get-Date).adddays(-120) | ` logout
 UserPasswordChanged – User
where {$_.gettype().Name -eq "add event here” - password changed
and $_.CreatedTime -lt (Get-Date).adddays(1)} | `  AlarmAcknowledgedEvent – Alarm
acknowledged
select @{N="VMname"; E={$_.Vm.Name}},
 BadUsernameSessionEvent –
@{N="OccuredTime"; E={$_.CreatedTime}}, Invalid user name
 ClusterCreatedEvent – Cluster
@{N="Hostname"; E={$_.Host.Name}}, created
 ClusterDestroyedEvent – Cluster
@{N="Username"; E={$_.UserName}} deleted
 You can find full list of events here –
 You can also select different date range by changing “adddays” url2open.com/vmevents
parameter.

Gain #completevisibility into all activity in your VMware environment


for free with Netwrix Auditor for VMware: netwrix.com/go/trial-vm

Corporate Headquarters: Toll-free: 888-638-9749 Int'l: 1-949-407-5125


300 Spectrum Center Drive, Suite 1100, EMEA: 44 (0) 203-318-0261 netwrix.com/social
Irvine, CA 92618

You might also like