  • 1.  Audit script

    Posted Nov 05, 2010 11:12 AM


    We have a very secure environment (PCI compliant) and need to audit ALL changes on VMs whether they are powered up or down. I do have a script that does this but it only picks up changes to VMs that are powered up (which by definition generally won't be memory-add etc).

    What I need is a report that will audit every change to a VM and who did it in a plain-English text! So for example: VM: vmname, DISK: Changed from 30Gb to 35Gb. etc

    Can this be done? Like I say, I can't pick it up for VMs that are powered off when the script runs.


  • 2.  RE: Audit script

    Broadcom Employee
    Posted Nov 05, 2010 02:45 PM

    All changes to a VM, whether it's online or offline, can be tracked. When you use the vSphere Client to, say, add a new device or increase the storage capacity of a disk, you will see it logged. This is part of the tasks/events that can be queried using the vSphere API, so you can extract this information.

    If you're looking for COTS applications, you may want to check out one of VMware's recent acquisitions from the EMC portfolio, vCenter Configuration Manager (formerly EMC Ionix), which also has canned compliance reports built in, one of which is PCI. I believe HyTrust also has a product that integrates with VMware around compliance and auditing of events, and also ties into PCI and other types of compliance checks.


    William Lam

    VMware vExpert 2009,2010

    VMware VCP3,4

    VMware VCAP4-DCA

    Twitter: @lamw
    If you find this information useful, please award points for "correct" or "helpful".
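An added example, not code from the thread or from any poster: one way to turn VM reconfiguration events, as described in the reply above, into the plain-English lines the original question asks for. The records are constructed and flattened from fields a vSphere `VmReconfiguredEvent` carries; the `BASELINE` inventory, the flat `label` field and the helper names are assumptions of this sketch.

```python
from datetime import datetime
GB_IN_KB = 1024 * 1024
# Constructed records, flattened from fields a VmReconfiguredEvent carries
# (createdTime, userName, VM name, configSpec). The spec holds only NEW values.
EVENTS = [
    {"time": "2010-11-04T09:15:00", "user": "alice", "vm": "web01", "spec": {"memoryMB": 4096}},
    {"time": "2010-11-03T17:40:00", "user": "bob", "vm": "web01",
     "spec": {"deviceChange": [{"operation": "edit", "label": "Hard disk 1",
                                "capacityInKB": 35 * GB_IN_KB}]}},
    {"time": "2010-11-04T10:02:00", "user": "alice", "vm": "db02",
     "spec": {"numCPUs": 4,
              "deviceChange": [{"operation": "add", "label": "Hard disk 2",
                                "capacityInKB": 10 * GB_IN_KB}]}},
]
# Constructed inventory snapshot taken before the audit window (assumption).
BASELINE = {
    "web01": {"memoryMB": 2048, "numCPUs": 2, "disks": {"Hard disk 1": 30 * GB_IN_KB}},
    "db02": {"memoryMB": 8192, "numCPUs": 2, "disks": {"Hard disk 1": 40 * GB_IN_KB}},
}

def gb(kb):
    return f"{kb / GB_IN_KB:g}GB"

def audit_report(events, baseline):
    """Replay events oldest-first against a copy of the baseline to recover old values."""
    state = {vm: {**cfg, "disks": dict(cfg["disks"])} for vm, cfg in baseline.items()}
    lines = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        vm = state.setdefault(ev["vm"], {"disks": {}})  # VM missing from baseline
        head = f'{ev["time"]} {ev["user"]} VM: {ev["vm"]},'
        for field, name, unit in (("memoryMB", "MEMORY", "MB"), ("numCPUs", "CPU", "")):
            new, old = ev["spec"].get(field), vm.get(field)
            if new is not None and new != old:
                was = "unknown" if old is None else f"{old}{unit}"
                lines.append(f"{head} {name}: Changed from {was} to {new}{unit}")
                vm[field] = new
        for ch in ev["spec"].get("deviceChange", []):
            label, op, disks = ch["label"], ch["operation"], vm["disks"]
            if op == "remove":
                lines.append(f"{head} DISK: Removed {label}")
                disks.pop(label, None)
                continue
            size = gb(ch["capacityInKB"])
            was = gb(disks[label]) if label in disks else "unknown"
            what = f"Added {label} ({size})" if op == "add" else f"{label} changed from {was} to {size}"
            lines.append(f"{head} DISK: {what}")
            disks[label] = ch["capacityInKB"]
    return lines
```

Because the events are read from the event history rather than from the running guest, the VM's power state at report time does not matter; the old values depend on how complete the baseline and the retained event history are.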

  • 3.  RE: Audit script

    Posted Nov 05, 2010 02:53 PM

    nCircle and ENVISION are also fairly popular products for Compliance and Reporting....

  • 4.  RE: Audit script

    Posted Nov 12, 2010 05:53 AM

    HyTrust can definitely help address your audit need. The key capabilities of the HyTrust Appliance center around access control, policy management, audit-quality logging and hypervisor hardening for vSphere and Nexus. In terms of audit logging, we provide very granular audit logs of exactly who did what, when, and to what resource (username, command, IP address, object being managed, etc.). These audit logs cover all access methods to vSphere including direct to ESX/ESXi and vCenter as well as across all APIs (SSH, vSphere Client, HTTP, PowerShell, rCLI, Perl). In addition, HyTrust aggregates the vCenter logs with the HyTrust operational logs so you have one set of complete audit logs that you can use for compliance, monitoring, troubleshooting, etc.

    RSA is a partner and recently announced enVision and Archer integration with HyTrust Appliance ( in case you are an RSA customer.

    Lastly, since you mentioned PCI: VMware, Cisco, HyTrust, Savvis and Coalfire recently released a joint reference architecture on PCI DSS 2.0 for the cloud which you might be interested in as well (

    Let us know if we can help in any way.



  • 5.  RE: Audit script

    Posted Sep 11, 2014 11:47 AM

    Hello, I know that this post is old, sorry for that, but if someone is still looking for a VMware auditing solution to audit all changes to VMs even if they are powered off and get a plain-English text report, take a look at the Netwrix Auditor for VMware solution, which has a 20-day free trial. It will help you to get an overview of configuration changes on a daily basis and also prepare reports for your IT compliance.