VMware Cloud Community
MrCheesecake
Enthusiast
Enthusiast

6.7 U2 enhanced auditing features "missing"- What did I miss?

Good afternoon!

Per this article https://www.virtuallyghetto.com/2019/04/enhanced-vcenter-server-audit-event-logging-in-vsphere-6-7-u... , it appears that the vCenter events should be tracking info to include source IPs as part of login entries.  My vCenter is running VCSA 6.7U2b (upgraded from from 6.0 to 6.5, etc. over time) but all I see for a successful login is "User domain\username@127.0.0.1 logged in as h5-client/6.5.0".

I have increased overall logging from info to verbose and it still hasn't helped.  Looking at the advanced configuration settings, I see "verbose" for all the various logger.xxx options.

It's almost like some kind of auditing flag/setting is still stuck in a pre-6.7U2 state but I'm not sure where to look.  What did I miss?

Thanks in advance for any ideas/suggestions you may have!

Reply
0 Kudos
1 Reply
MrCheesecake
Enthusiast
Enthusiast

One other thing to mention is that the /var/log/audit/sso-events/audit_events.log file (where I believe some/all of this info should be captured) is empty with a modified date of 4/30/19.  This is unusual since the VCSA has been updated and rebooted since then.

Reply
0 Kudos