You will find quite a few events in VMware that do not show the exact operation that happened.
Particularly, configuration changes in the hostnetworksystem and configuration changes in individual virtual machine don't contain parameters of what actually changed.
Unfortunately, since the parameters are not even logged, analyzing the logs will not help much.
If precise log information that includes this parameters, the IP address of the client the effected the change and operations that were attempted but not authorized, you may want to try a tool like HyTrust.
http://www.vmware.com/appliances/directory/166453?SRC=WWW_VMW_VAM_Featured_504_166453
Many of our customers buy it precisely for that purpose.