In my previous blog post, I described how to capture and visualize both successful and, more importantly, failed login attempts in NSX environment using Aria Operations for Logs dashboards.

With the release of Aria Operations 8.18, VMware has made it even easier to monitor such audit events in vSphere components directly within Aria Operations itself, thanks to the new Audit Events functionality. This feature provides a fast and straightforward way to gain visibility into critical security and operational activities across your vSphere infrastructure – without the need for complex integrations or custom dashboards.

In this post, I’ll walk you through the prerequisites for using Audit Events in Aria Operations, and highlight the key benefits this new feature brings to your monitoring and compliance workflows.

What Are Audit Events in Aria Operations?

Audit Events in Aria Operations allow you to view, filter, and analyze a wide range of activity logs across your vCenter Servers, including user logins, logouts, configuration changes, permission modifications, and more. For all details please see the official documentation. These events are crucial for security and compliance audits, enabling you to quickly identify suspicious actions, trace changes, and ensure accountability within your virtual infrastructure.

Prerequisites for Using Audit Events

To leverage Audit Events in Aria Operations 8.18, you need to meet the following requirements:

Once these prerequisites are fulfilled, Audit Events become available within the Aria Operations interface, allowing you to filter events by severity, user, vCenter, object type, object ID, and event category.

• The Aria Operations for Logs Integration must be properly configured in Aria Operations.
• The minimum required version for Aria Operations for Logs is 8.18.
• Aria Operations for Logs must be collecting logs from all vCenter Servers that are also monitored by Aria Operations.

The following screenshot shows the very simple Aria Operations for Logs Integration configuration in Aria Operations.

Key Benefits and Use Cases

In the following screenshot you see how to navigate to the Audit Events page in Aria Operations.

• Enhanced Security and Compliance: Instantly see who made changes, when, and where, supporting both internal and external audit requirements.

In the next screenshot you see how easy it is to track for example changes to permissions in vCenter.

• Operational Transparency: Quickly identify failed login attempts and permission changes.

In the next picture you can see failed login attempts to one of my ESX hosts.

• Customizable Filtering: Drill down by event type, user, or object to investigate incidents or track specific activities.
• Unified View: Audit Events are displayed alongside other operational data, giving you a holistic view of your environment.

Conclusion

With the introduction of Audit Events in Aria Operations 8.18, VMware has taken a significant step toward simplifying security and compliance monitoring for vSphere environments. This feature reduces the time and effort required to track critical events, making it easier for administrators and security teams to maintain a secure and well-governed infrastructure.

If you haven’t explored Audit Events yet, now is the perfect time to upgrade and take advantage of this powerful new capability.

Stay safe.

Thomas – https://twitter.com/ThomasKopton