Hello,
You can use HyTrust for this as well as the vCenter Task/Event log. Outside of that you will need to use something like LogInsight (creating your own custom rules), Splunk (perhaps creating some of your own custom parsers). You will end up writing a parser that correlates vCenter logins with tasks created by user and then that task will tell you what actually happened. It is a massive correlation effort but tools do exist to assist.
HyTrust is a pretty good tool for Compliance auditing.
Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011,2012,2013,2014
Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast
--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill