VMware Cloud Community
ppgdtap
Enthusiast
Enthusiast

Audit access to vRLI

We had a query that worked on v4.5 which returned the list of users who have accessed vRLI to look at logs of any kind:

  • source contains localhost
  • .LoginActionBean\] \[User login success: Active Directory User: SAM=\w+, Domain=.+, UPN=

Unfortunately this no longer works in the latest version.

We have a PCI requirement to show who is accessing logs - how can we devise a query that does that?

Reply
0 Kudos
0 Replies