Hi,

Moved to the security section of the forums as you're likely to get a better response here.

--
Wil
_____________________________________________________
VI-Toolkit & scripts wiki at http://www.vi-toolkit.com

Contributing author at blog www.planetvm.net

Twitter: @wilva

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

Hello,

My environment is vSphere 4.0 vCenter plus multiple ESXi 4.0 servers.

What tools are available in this environment for collecting my VMs log files for security hardening archival purposes.

Not sure you really need the VM log files, but as of now there is no tool that does this. Gathering logs for auditing purposes are there to determine who did what when where and how. vmware.log files are really there for debugging and not necessarily answering those questions. That information comes from the hostd.log, /var/log/secure, and other logs in /var/log. The most you can get out of vmware.log is that a remote console was opened, but that also is seen from within the hostd.log, etc.

Am I limited to scripts in vSphere CLI or vMA?

CLI not even vMA unless you use SSH as the best method if you want these logs is to implement a logtail functionality that sends the logfiles to syslog and your remote logserver, but since much of this information is mainly for debugging purposes, not sure its needed for auditing purposes.

Since I use ESX, I tend to use logtail functionality on these logs, but as I said its not really for auditing but for problem determination.

Other options?

None unfortunately.

Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]

Also available 'VMWare ESX Server in the Enterprise'[/url]

Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]

Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]