The attached document goes over a set of security-related events and how they are logged on ESXi 4.0. The focus is on actions initiated directly on the ESXi host, since these would bypass vCenter for the most part. The ideal case of course is to perform all actions through vCenter, since this automatically records events in the vCenter Events table, but there are certain cases in which direct access to the ESXi host is involved. Use this information to help you configure your log collection system to alert you to security-related events of interest
VI and Security Admins
Charu Chaubal, Sr. Technical Marketing Architect, VMware
You use this proven practice at your discretion. VMware and the author do not guarantee any results from the use of this proven practice. This proven practice is provided on an as-is basis and is for demonstration purposes only.