0 Replies Latest reply on Feb 11, 2020 4:02 AM by mirko91

    Login events in Log Insight with RBAC

    mirko91 Lurker



      I need to create a multi tenancy vRA environment and I am requested to set up RBAC in Log Insight to give access to tenant admins to relevant logs.

      I installed and configured vRA 7.5+ Content Pack to ingest vRA logs.


      I am able to create a data set using the "tenant" filter, but it seems that events related to user login to vRA do not contain this attribute. They can be filtered with an extracted field "tenant_name" instead, but it seems it is not possible to use an extracted field to create a data set.


      If I use a data set filtered by tenant, some events like this are present:


      [UTC:2020-02-11 11:21:16,595 Local:2020-02-11 11:21:16,595] vcac: [component="cafe:identity" priority="INFO" thread="tomcat-http--83" tenant="MYTENANT" context="CuIX9nPB" parent="" token="CuIX9nPB"] com.vmware.vcac.core.identity.service.impl.LocalCafeMembershipProvider.findMembershipForPrincipals:282 - Loading user info for current user '{Name: MYUSER, Domain: vsphere.local}'...


      These seem related to user logon activities, but they cannot catch logon failures.


      Is there a way to create data sets containing logon activity grouped by tenant?


      Thank you,