I have a client that has gotten a request from their auditors to provide the following information on VMware logging:
Event log alerting and monitoring configuration
Access privileges to modify event logs
Event log system settings (what events are being tracked)
Is there a relatively easy way to pull this info?
Does your client have a log aggregation system in place? If not, the answer to all of these goes something like "no".
Not sure what you mean.
They have vRealize Log Insight.
Then that's a log aggregator, yes.
Event log alerting and monitoring configuration
This is a broad question. By default vRLI does not enable any alerts on logs. You have to do that yourself.
Access privileges to modify event logs
Once logs are ingested into vRLI, they are immutable.
Event log system settings (what events are being tracked)
Would either have to be done on the basis of an agent group applied to a given host, or a client-side syslog configuration.
I haven't used Log Insight before.
Would this provide a list of what's monitored (Event log system settings (what events are being tracked))?
That would be half the battle.
Theoretically, yes, but without more details I couldn't give you specifics.
Can you give me a hint where to look in Log Insight?
Not unless you can give me a hint on what you specifically are asking for.
Unfortunately, that's all I got from the client.
A table with exactly what I put in my question.
Those are the exact words the auditors used.
Then the best I can do is repeat myself from above, when I said:
Would either have to be done on the basis of an agent group applied to a given host, or a client-side syslog configuration.