ESXi

 View Only
  • 1.  How to audit datastore access

    Posted May 26, 2015 05:02 PM

    I've always assumed that VMWare would audit datastore access like VMDK downloads and copies.  But having run some tests on ESXi 5.5 with vCenter we don't believe anything is being recorded by syslog or in the Events or Tasks tables.  I can't believe that something as critical to security as copies and downloads of virtual disks would not be audited. 

    I also don't see anything logged when mounting ISOs or local devices for VM CD-ROMs.  Another big security event.

    Can anyone one tell me if this is logged anywhere?  Can you show me examples or direct me where to find it?



  • 2.  RE: How to audit datastore access

    Posted May 26, 2015 05:45 PM

    Once we configure the syslog server and we enable the logging in ESXi than everything get logged in the syslog server.



  • 3.  RE: How to audit datastore access

    Posted May 26, 2015 06:16 PM

    Actually, as I pointed out earlier.  This activity is NOT logged to syslog.  We know that much.  We are capturing the syslogs and there's no mention of the VMDK file name downloaded in tests.



  • 4.  RE: How to audit datastore access

    Posted May 27, 2015 04:10 PM

    Hi,

    Just checking - did you enable "trivia (extended verbose)" logging to see if its picked up there?

    See

    VMware vSphere 5.1



  • 5.  RE: How to audit datastore access

    Posted Feb 08, 2016 01:46 PM

    There are any other Solutions? I want to Audit Downloads from my Datastores.