Highlighted
Contributor
Contributor

Audit when objects put into/removed from maintenance mode

Hi all,

We recently had an outage on some hosts while doing some automated upgrades for vCenter servers, via a script.

Question:

I wanted to find an audit of when the hosts were put into/removed from maintenance mode.

Investigation:

I have checked the User Activity Audit under Admin>History>Audit>User Activity Audit, unfortunately this does not seem to give me the information I am looking for.

I also checked under the Recent Tasks in Admin>History>Recent Tasks, but I see nothing there, and I assume this is only used for the "Actions" adapter.

Would anyone know if there is a way to achieve auditing when an object was put into/removed from maintenance mode?

Thanks!

0 Kudos
3 Replies
Highlighted
Immortal
Immortal

You probably won't be able to get exactly this with vROps, but you could with vRLI by watching the logged entries either from the host or from the events stream within vCenter (which is configured when you enable vSphere integration).

0 Kudos
Highlighted
Contributor
Contributor

Unfortunately, we do not have vRLI for this environment. I did check one of the analytics log files and this is what I found in there:

[728088] 2018-01-26 08:10:56,022 - UserId : b49bf5c5-b8fc-4516-a115-8106f0098752, UserName : maintenanceAdmin, AuthSource : LOCAL, Session : b49bf5c5-b8fc-4516-a115-8106f0098752::c10bd7e4-90a3-473b-8b49-216faaf0ff69, UserAction : LOGOUT,  - User logged out successfully

This seems to be a logout from the maintenanceAdmin account. Even if it does not show me the exact object that went into maintenance, it would be beneficial to find the login/logout, which should give me an estimate of when it was put into main/taken out of main. Other than that, I don't believe it shows who the user was.

I will continue to investigate this avenue as we do not have vRLI for this environment. I will post back after I have done some testing in the lab.

0 Kudos
Highlighted
Immortal
Immortal

Keep in mind that if you have a vCenter Server Standard license, it comes with a free entitlement to use 25 OSIs of vRLI. So, effectively, if you own vCenter Standard, you also own (a limited) vRLI.