Applies To:
- VMware ESX 3 and later.
- VMware ESXi 5.5 and later.
- VMware vCenter 6.0 and 6.5.
Overview
VMware is a virtualization and cloud computing software provider. VMware virtualization is based on the ESXi bare metal hypervisor, supporting virtual machines. The term "VMware" is often used in reference to various VMware Inc. products such as VMware vCenter, VMware Workstation, VMware View, VMware Horizon Application Manager and VMware vCloud Director.
Providing log and audit coverage across VMware components can be difficult since each component of VMware writes audit logs and tasks in different ways. Within ESXi, the Tasks & Events pane provides a view into administrator activities; these can be fetched via API. EventTracker seamlessly aggregates and assists in analysis and visualization aided by alerts, reports and dashboards.
EventTracker Knowledge Pack for VMware allows you to monitor the following components:-
- Operations:- Clusters, data centers, virtual machine created or removed and high resource usage.
- Security:- Alarms triggered
- Compliance:- Policy and permission changes, configuration changes and Esxi host/vCenter login and logout.
Once logs are received in to EventTracker reports, alerts and dashboards can be configured into EventTracker.
The following Knowledge Packs are available in EventTracker v9 and later to support VMware ESXi and vCenter Server monitoring:
Reports
- VMware- Cluster created or removed: This report provides information about the activities related to cluster created or removed.
- VMware-Data center added or deleted: This report provides information about the activities related to data center added or deleted.
- VMware-Datastore creation or deletion: This report provides information about the activities related to datastore creation or deletion.
- VMware- Virtual machine connected and disconnected: This report provides information about the activities related to virtual machine connected and disconnected.
- VMware- Virtual machine power on or off: This report provides information about the activities related to virtual machine power on or off.
- VMware- Virtual machine installation errors: This report provides information about the activities related to virtual machine installation errors.
- VMware-Virtual machine created or removed: This report provides information about the activities related to virtual machine created or removed.
- VMware- Esxi host added or removed: This report provides information about the activities related to esxi host added or removed.
Alerts
- VMware ESXi: Host added: This alert is generated when an ESXi host is added.
- VMware ESXi: Task failed: This alert is generated when an ESXi Task fails.
- VMware ESXi: Virtual machine created: This alert is generated when an ESXi virtual machine is created.
- VMware ESXi: Virtual machine reconfigured: This alert is generated when an ESXi virtual machine is reconfigured.
- VMware ESXi: High resource usage alarm: This alert is generated when utilization of ESXi resource is high.
- VMware vCenter: Virtual machine created: This alert is generated when a virtual machine is created.
- VMware vCenter: Virtual machine removed: This alert is generated when a virtual machine is removed.
- VMware ESX: Virtual machine created: This alert is generated when a ESX virtual machine is created.
- VMware ESX: High resource usage alarm: This alert is generated when utilization of ESX resource is high.
Reports
- VMware- Alarms triggered: This report provides information about the activities related to alarms triggered.
- VMware- Esxi host authentication failures: This report provides information about the activities related to esxi host authentication failures.
Alerts
- VMware ESXi: User authentication failed: This alert is generated when a ESXi authentication failure occurs.
- VMware ESXi: Account created: This alert is generated when an ESXi account is created.
- VMware vCenter: User role deleted: This alert is generated when a user role is deleted in vCenter.
- VMware vCenter: User role modified: This alert is generated when a user role is modified.
- VMware ESX: User authentication failed: This alert is generated when a ESX authentication failure occurs.
- VMware ESX: Task failed: This alert is generated when a ESX task fails.
Reports
- VMware- Esxi host login and logout: This report provides information about the activities related to Esxi host login and logout.
- VMware- vCenter login and logout: This report provides information about the activities related to vCenter login and logout.
- VMware- vCenter Firewall configuration changes: This report provides information about the activities related to vCenter firewall configuration changes.
- VMware- Policy and permission changes: This report provides information about the activities related to policy and permission changes.
Alerts
- VMware ESXi: User authentication success: This alert is generated when a ESXi authentication is successful.
- VMware vCenter: User permission removed: This alert is generated when user permission on vCenter is removed.
- VMware Firewall configuration changed: This alert is generated when a firewall configuration changes are done.
- VMware ESX: Virtual machine reconfigured: This alert is generated when a ESX virtual machine is reconfigured.
Scope
The configurations detailed in this guide are consistent with EventTracker Enterprise version 7.X and later, VMware ESX 3 and later,VMware ESXi 5.5 and later,VMware vCenter 6.0 and later.
Documentation:
For more information please refer the Integration guide