Applies To:
- VMware ESX 3 and later.
- VMware ESXi 5.5 and later.
- VMware vCenter 6.0 and later.
Overview
VMware is a virtualization and cloud computing software provider for x86-compatible computers. VMware virtualization is based on the ESX/ESXi bare metal hypervisor, supporting virtual machines. The term "VMware" is often used in reference to various VMware Inc. products such as VMware vCenter, VMware Workstation, VMware View, VMware Horizon Application Manager and VMware vCloud Director.
Providing log and audit coverage across VMware components can be difficult, since each component writes audit logs and tasks in a different way. Within ESXi, the Tasks & Events pane provides a view into administrator activities, which can be fetched via an API; other information, including performance data, is only available via syslog. In vCenter, the Tasks & Events view provides insight, except for the SSO component, where text files are written. EventTracker seamlessly aggregates all of these logging methods and assists in analysis and visualization, aided by alerts, reports and dashboards.
The EventTracker Knowledge Pack for VMware ESX/ESXi and vCenter Server allows you to monitor the following:
- Operations: Virtual disk download, CPU usage, Memory usage and I/O errors.
- Security: Failed logon attempt, Bypass attempt, Authentication failure and Configuration change.
- Compliance: User role management, Host added or removed, Virtual machine created or removed and Account created or removed.
Once logs are received in EventTracker, reports, alerts and dashboards can be configured.
The following Knowledge Packs are available in EventTracker v7 and later to support VMware ESX/ESXi and vCenter Server monitoring:
Alerts
- VMware ESX: High resource usage alarm - This alert is generated when high resource usage is detected.
- VMware ESX: Task failed - This alert is generated when a task fails.
- VMware vCenter: Lockdown mode enabled - This alert is generated when lockdown mode is enabled.
- VMware vCenter: SCSI error - This alert is generated when a SCSI error occurs.
- VMware vCenter: SCSI high IO latency - This alert is generated when high IO latency is detected.
- VMware vCenter: Virtual disk download - This alert is generated when a virtual disk is downloaded.
Reports
- VMware vCenter-Virtual disk download: This report provides information related to virtual disk download, which includes Disk Volume, File Name and Virtual Machine Name fields.
- VMware vCenter-Virtual disk copy: This report provides information related to virtual disk copy, which includes Virtual Disk Source, Virtual Disk Destination and Hostname fields.
- VMware-Host CPU usage: This report provides information related to high CPU usage with Host Address and Status (color code) fields.
- VMware-Host memory usage: This report provides information related to high memory usage with Host Address and Status (color code) fields.
Alerts
- VMware ESX: User authentication failed - This alert is generated when user authentication fails.
- VMware ESXi: Host added - This alert is generated when a new host is added.
- VMware vCenter: User permission removed - This alert is generated when a user permission is removed.
- VMware vCenter: SSO user authentication failure - This alert is generated when SSO user authentication fails.
- VMware ESXi: User authentication success - This alert is generated when user authentication succeeds.
- VMware ESXi: User authentication failed - This alert is generated when user authentication fails.
- VMware vCenter: SSH access enabled - This alert is generated when SSH access is enabled.
Reports
- VMware vCenter-Successful logins: This report provides information related to successful logins, which includes User Name, Source Address and Logon Type fields.
- VMware ESXi-Failed login attempts: This report provides information related to failed login attempts with Host Name, User Name and Source Address fields.
- VMware ESXi-Firewall configuration change: This report provides information related to firewall configuration changes, which includes Firewall Operation, Ruleset and Host Name fields.
- VMware-SSO user created: This report provides information related to SSO user creation, which includes User Name and Action fields.
- VMware-SSO user deleted: This report provides information related to SSO user deletion with User Name and Action fields.
- VMware-SSO user authentication failure: This report provides information related to SSO user authentication failure, which includes User Name and Host Name fields.
Alerts
- VMware ESX: Virtual machine created - This alert is generated when a virtual machine is created.
- VMware ESXi: Account deleted - This alert is generated when an account is deleted.
- VMware ESXi: Virtual machine reconfigured - This alert is generated when a virtual machine is reconfigured.
- VMware vCenter: User role modified - This alert is generated when a user role is modified.
- VMware vCenter: Virtual machine created - This alert is generated when a virtual machine is created.
- VMware vCenter: Virtual machine removed - This alert is generated when a virtual machine is removed.
- VMware vCenter: User role deleted - This alert is generated when a user role is deleted.
- VMware vCenter: Firewall configuration change - This alert is generated when the firewall configuration is changed.
Reports
- VMware vCenter-Virtual machine created or removed: This report provides information related to virtual machine creation or removal, which includes Virtual Machine Name, Data Center Name, Host Address and Status fields.
- VMware ESXi-Account created or removed: This report provides information related to account creation or removal on ESXi, which includes Host Address, Account Name, Status and Activity Performed by fields.
- VMware vCenter-Host added or removed: This report provides information related to host addition or removal from data center, which includes Host Address, Status and Data Center Name fields.
Scope
The configurations detailed in this guide are consistent with EventTracker Enterprise version 7.X and later, VMware ESX 3 and later, VMware ESXi 5.5 and later, and VMware vCenter 6.0 and later.
Documentation:
For more information, please refer to the Integration guide.