You will find quite a few events in VMware that do not show the exact operation that happened.

Particularly, configuration changes in the hostnetworksystem and configuration changes in individual virtual machine don't contain parameters of what actually changed.

Unfortunately, since the parameters are not even logged, analyzing the logs will not help much.

If precise log information that includes this parameters, the IP address of the client the effected the change and operations that were attempted but not authorized, you may want to try a tool like HyTrust.

http://www.vmware.com/appliances/directory/166453?SRC=WWW_VMW_VAM_Featured_504_166453

Many of our customers buy it precisely for that purpose.

There is a utility that you  can at the Tech Support console called vmkerrcode that can give you a little information. I copy it off from time to time.

http://budgetvirtual.com/wp-content/themes/prosumer/files/errcode.xls

If you have a real issue though I would use VMware support.

This could help but it is quite a read from different sources...

http://communities.vmware.com/docs/DOC-3930

http://answers.oreilly.com/topic/363-how-to-analyze-vmware-esx-login-logs/

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=101164...

and this one is like mother to all Event ID's http://www.eventid.net/ - we are using this on daily basis in my workplace

IMHO VMware should create something like EventID website for reference...

Regards,

M.F.