We are going through an audit of the vRA applications and there are several questions around logging of operations and where the actions are captured. Is there any detailed information on what data is contained in the different logs? I found a link that calls out all the log files that are used, but there is limited information around what is captured (https://kb.vmware.com/s/article/2141175).
I’m looking for detailed level information that would be able to assist in a potential malicious attack or researching nefarious events that might have been the result of compromised security. This would include login attempts, base application level configuration changes, tenant level changes, etc. With any of these we would want to know if the user attempting the operation was logged, the event was time stamped, and what log file would contain the information. Also, are there best practices defined around off-loading log files outside of vRealize Log Insight (i.e. Rsyslog, etc.)?
Lastly, would there be any logs that would document the initial configuration or setup of the application that might be valuable to assist in the recovery or rebuild of the application in the case of a catastrophic failure? Also, what are best practices for exporting configuration of the application setup or the internal tenant and blueprint structure in the application?