VMware Cloud Community
BobD01
Contributor

Audit script

Hi,

We have a very secure environment (PCI compliant) and need to audit ALL changes on VMs whether they are powered up or down. I do have a script that does this but it only picks up changes to VMs that are powered up (which by definition generally won't be memory-add etc).

What I need is a report that will audit every change to a VM and who did it, in plain-English text! So for example: VM: vmname, DISK: Changed from 30Gb to 35Gb, etc.

Can this be done? Like I say, I can't pick it up for VMs that are powered off when the script runs.

Thanks!

4 Replies
lamw
Community Manager

All changes to a VM, whether it's online or offline, can be tracked. When you use the vSphere Client to, say, add a new device or increase the storage capacity of a disk, you will see it logged. This is part of the tasks/events that can be queried using the vSphere API, so you can extract this information.

If you're looking for COTS applications, you may want to check out one of VMware's recent acquisitions from the EMC portfolio, vCenter Configuration Manager - http://www.vmware.com/products/configuration-manager/ - formerly EMC Ionix, which also has canned compliance reports built in, one of which is PCI. I believe Hytrust also has a product that integrates with VMware around compliance and auditing of events - http://www.hytrust.com/ - and also ties into PCI and other types of compliance checks.

=========================================================================

William Lam

VMware vExpert 2009,2010

VMware VCP3,4

VMware VCAP4-DCA

VMware scripts and resources at:

Twitter: @lamw


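One way to extract this from the vCenter event stream described in the reply above, as an added example that is not part of the original thread: a PowerCLI function that turns the `VmReconfiguredEvent` objects returned by `Get-VIEvent` into plain-English lines. The function name and the sample event (user, VM name, timestamp) are constructed for illustration; the event's ConfigSpec holds the requested new values only, so a "changed from" figure would need a previously saved inventory to compare against.

```powershell
# Added example, not code from the thread. ConvertTo-VmAuditLine is a hypothetical helper name.
function ConvertTo-VmAuditLine {
    param([Parameter(ValueFromPipeline = $true)] $AuditEvent)
    process {
        $spec = $AuditEvent.ConfigSpec          # VirtualMachineConfigSpec: requested new values
        $changes = @()
        if ($spec.MemoryMB) { $changes += "MEMORY: set to $($spec.MemoryMB) MB" }
        if ($spec.NumCPUs)  { $changes += "CPU: set to $($spec.NumCPUs) vCPU" }
        foreach ($dc in @($spec.DeviceChange)) {
            if (-not $dc) { continue }          # spec with no device changes
            $dev   = $dc.Device
            $label = if ($dev.DeviceInfo.Label) { $dev.DeviceInfo.Label } else { 'new device' }
            if ($dev.CapacityInKB) {
                # Virtual disk: KB / 1MB (1048576) gives GB
                $gb = [math]::Round($dev.CapacityInKB / 1MB, 1)
                $changes += "DISK: $($dc.Operation) '$label', capacity $gb GB"
            } else {
                $changes += "DEVICE: $($dc.Operation) '$label'"
            }
        }
        if (-not $changes) { $changes = @('reconfigured (no hardware change in spec)') }
        foreach ($c in $changes) {
            '{0:u} VM: {1}, USER: {2}, {3}' -f $AuditEvent.CreatedTime,
                $AuditEvent.Vm.Name, $AuditEvent.UserName, $c
        }
    }
}

# Constructed sample shaped like a VmReconfiguredEvent, so the function runs without vCenter.
$sample = [pscustomobject]@{
    CreatedTime = [datetime]'2011-01-10 14:03:00'
    UserName    = 'EXAMPLE\jsmith'
    Vm          = [pscustomobject]@{ Name = 'vmname' }
    ConfigSpec  = [pscustomobject]@{
        MemoryMB = $null; NumCPUs = $null
        DeviceChange = @([pscustomobject]@{
            Operation = 'edit'
            Device    = [pscustomobject]@{
                CapacityInKB = 36700160
                DeviceInfo   = [pscustomobject]@{ Label = 'Hard disk 1' } }
        })
    }
}
$sample | ConvertTo-VmAuditLine

# Against a live vCenter (after Connect-VIServer); events are recorded whatever the VM power state:
# Get-VIEvent -Start (Get-Date).AddDays(-1) -MaxSamples 100000 |
#     Where-Object { $_ -is [VMware.Vim.VmReconfiguredEvent] } | ConvertTo-VmAuditLine
```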
sysxperts
Enthusiast

nCircle and ENVISION are also fairly popular products for Compliance and Reporting....

Paul Valentino - VCP, EMCCA - @sysxperts @vcommunitytrust - Help the vCommunity one certification at a time! http://www.vcommunitytrust.org/ http://igg.me/p/212476?a=1091980
echiu
Contributor

HyTrust can definitely help address your audit need. The key capabilities of the HyTrust Appliance center around access control, policy management, audit-quality logging and hypervisor hardening for vSphere and Nexus. In terms of audit logging, we provide very granular audit logs of exactly who did what, when, and to what resource (username, command, IP address, object being managed, etc.). These audit logs cover all access methods to vSphere including direct to ESX/ESXi and vCenter as well as across all APIs (ssh, vSphere client, HTTP, powershell, rCLI, perl). In addition, HyTrust aggregates the vCenter logs with the HyTrust operational logs so you have one set of complete audit logs that you can use for compliance, monitoring, troubleshooting, etc.

RSA is a partner and recently announced enVision and Archer integration with HyTrust Appliance (http://virtualization.info/en/news/2010/10/hytrust-partners-with-rsa.html) in case you are an RSA customer.

Lastly, since you mentioned PCI: VMware, Cisco, HyTrust, Savvis and Coalfire recently released a joint reference architecture on PCI DSS 2.0 for the cloud which you might be interested in as well (http://info.hytrust.com/pci_reference_architecture.html).

Let us know if we can help in any way.

Best,

-Eric

Netwrix
Enthusiast

Hello, I know that this post is old, sorry for that, but if someone is still looking for a VMware auditing solution to audit all changes to VMs even if they are powered off and get a plain-English text report, take a look at the Netwrix Auditor for VMware solution, which has a 20-day free trial. It will help you to overview configuration changes on a daily basis and also prepare reports for your IT compliance.
