Hi,
We have a very secure environment (PCI compliant) and need to audit ALL changes on VMs whether they are powered up or down. I do have a script that does this but it only picks up changes to VMs that are powered up (which by definition generally won't be memory-add etc).
What I need is a report that will audit every change to a VM and who did it in a plain-English text! So for example: VM: vmname, DISK: Changed from 30Gb to 35Gb. etc
Can this be done? Like I say, I can't pick it up for VMs that are powered off when the script runs.
Thanks!
All changes to a VM, whether it's online or offline, can be tracked. When you use the vSphere Client to, say, add a new device or increase the storage capacity of a disk, you will see it logged. This is part of the tasks/events that can be queried using the vSphere API, so you can extract this information.
If you're looking for COTS applications, you may want to check out one of VMware's recent acquisitions from EMC's portfolio, vCenter Configuration Manager - http://www.vmware.com/products/configuration-manager/ (formerly EMC Ionix), which also has canned compliance reports built in, one of which is PCI. I believe HyTrust also has a product that integrates with VMware around compliance and auditing of events - http://www.hytrust.com/ - and also ties into PCI and other types of compliance checks.
=========================================================================
William Lam
VMware vExpert 2009,2010
VMware VCP3,4
VMware VCAP4-DCA
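An added example, not part of any reply in this thread: once reconfigure events have been pulled from the vCenter tasks/events history, they can be rendered as the plain-English lines asked for above, whatever the VM's power state was. It assumes records shaped like the vSphere API's VmReconfiguredEvent (`createdTime`, `userName`, `vm.name`, `configSpec`); the fetch from vCenter is left out, timestamps are shown as strings, and the VM and user names are constructed. The spec carries only the new value, so the "from" value is taken from earlier events for the same VM.

```python
from types import SimpleNamespace as NS

VERB = {"add": "added", "edit": "edited", "remove": "removed"}

def _delta(last, vm, item, value, unit):
    """Phrase a new value, using the last value seen for this VM when there is one."""
    old, last[(vm, item)] = last.get((vm, item)), value
    if old is None:
        return f"{item}: set to {value} {unit}"
    return f"{item}: changed from {old} {unit} to {value} {unit}"

def describe_reconfigs(events):
    """Turn VmReconfiguredEvent-shaped records into plain-English audit lines."""
    last, lines = {}, []
    for ev in sorted(events, key=lambda e: e.createdTime):
        spec, vm, changes = ev.configSpec, ev.vm.name, []
        # A property left unset (None) in a config spec means "not changed".
        for item, value, unit in (("MEMORY", spec.memoryMB, "MB"), ("CPU", spec.numCPUs, "vCPU")):
            if value is not None:
                changes.append(_delta(last, vm, item, value, unit))
        for dc in spec.deviceChange or []:
            info = getattr(dc.device, "deviceInfo", None)  # may be absent in a submitted spec
            label = info.label if info else f"key {dc.device.key}"
            cap_kb = getattr(dc.device, "capacityInKB", None)  # virtual disks only
            if dc.operation in ("add", "edit") and cap_kb is not None:
                changes.append(_delta(last, vm, f"DISK {label}", cap_kb // 1024 ** 2, "GB"))
            else:
                last.pop((vm, f"DISK {label}"), None)
                changes.append(f"DEVICE {label}: {VERB.get(dc.operation, 'changed')}")
        detail = "; ".join(changes) or "reconfigured (no hardware fields in spec)"
        lines.append(f"{ev.createdTime} VM: {vm}, USER: {ev.userName}, {detail}")
    return lines

# Constructed sample records (not real audit data), deliberately out of order.
def _disk(op, label, gb):
    return NS(operation=op, device=NS(key=2000, deviceInfo=NS(label=label), capacityInKB=gb * 1024 ** 2))

def _ev(when, user, vm, memoryMB=None, numCPUs=None, devs=()):
    spec = NS(memoryMB=memoryMB, numCPUs=numCPUs, deviceChange=list(devs))
    return NS(createdTime=when, userName=user, vm=NS(name=vm), configSpec=spec)

SAMPLE_EVENTS = [
    _ev("2011-03-02T14:30:00Z", "CORP\\bob", "pci-db01", memoryMB=8192, devs=[_disk("edit", "Hard disk 1", 35)]),
    _ev("2011-03-01T09:00:00Z", "CORP\\alice", "pci-db01", devs=[_disk("add", "Hard disk 1", 30)]),
]

if __name__ == "__main__":
    print("\n".join(describe_reconfigs(SAMPLE_EVENTS)))
```
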
nCircle and ENVISION are also fairly popular products for Compliance and Reporting....
HyTrust can definitely help address your audit need. The key capabilities of the HyTrust Appliance center around access control, policy management, audit-quality logging and hypervisor hardening for vSphere and Nexus. In terms of audit logging, we provide very granular audit logs of exactly who did what, when, and to what resource (username, command, IP address, object being managed, etc.). These audit logs cover all access methods to vSphere including direct to ESX/ESXi and vCenter as well as across all APIs (ssh, vSphere client, HTTP, powershell, rCLI, perl). In addition, HyTrust aggregates the vCenter logs with the HyTrust operational logs so you have one set of complete audit logs that you can use for compliance, monitoring, troubleshooting, etc.
RSA is a partner and recently announced enVision and Archer integration with HyTrust Appliance (http://virtualization.info/en/news/2010/10/hytrust-partners-with-rsa.html) in case you are an RSA customer.
Lastly, since you mentioned PCI: VMware, Cisco, HyTrust, Savvis and Coalfire recently released a joint reference architecture on PCI DSS 2.0 for the cloud, which you might be interested in as well (http://info.hytrust.com/pci_reference_architecture.html).
Let us know if we can help in any way.
Best,
-Eric
Hello, I know that this post is old, sorry for that, but if someone is still looking for a VMware auditing solution to audit all changes to VMs even if they are powered off and get a plain-English text report, take a look at the Netwrix Auditor for VMware solution, which has a 20-day free trial. It will help you to review configuration changes on a daily basis and also prepare reports for your IT compliance.