ESXi Security Events Log Monitoring

Version 1

    Introduction

    The attached document goes over a set of security-related events and how they are logged on ESXi 4.0. The focus is on actions initiated directly on the ESXi host, since these would bypass vCenter for the most part. The ideal case of course is to perform all actions through vCenter, since this automatically records events in the vCenter Events table, but there are certain cases in which direct access to the ESXi host is involved.  Use this information to help you configure your log collection system to alert you to security-related events of interest

     

    Intended Audience

    VI and Security Admins

     

    Author

    Charu Chaubal, Sr. Technical Marketing Architect, VMware

     

    Disclaimer

    You use this proven practice at your discretion. VMware and the author do not guarantee any results from the use of this proven practice. This proven practice is provided on an as-is basis and is for demonstration purposes only.