VMware vSphere

 View Only

Who is creating VMs from OVAs.

  • 1.  Who is creating VMs from OVAs.

    Posted Jul 20, 2022 09:18 AM

    We'd like to be able to identify the user when VMs are been created from OVAs as well as VMware templates in our environment. 

    While collecting the logs is a fairly straightforward process and we can do that easily enough with powercli, We're having trouble it tying the pieces together to be able to ID the creator of OVA deployments 

     

    With OVAs, we can see the user who is instantiating a OVA deployment: 

    Info                 : VMware.Vim.TaskInfo
    Key                  : 47229445
    ChainId              : 47229445
    CreatedTime          : 19/07/2022 10:33:40
    UserName             : <username>
    Datacenter           : VMware.Vim.DatacenterEventArgument
    ComputeResource      : VMware.Vim.ComputeResourceEventArgument
    Host                 : 
    Vm                   : 
    Ds                   : 
    Net                  : 
    Dvs                  : 
    FullFormattedMessage : Task: com.vmware.ovfs.LibraryItem.instantiate

    And the events where the VM is created:

    Key                  : 47229455
    ChainId              : 47229449
    CreatedTime          : 19/07/2022 12:34:15
    UserName             : MyDomain\vpxd-extension-<guid>
    Datacenter           : VMware.Vim.DatacenterEventArgument
    ComputeResource      : VMware.Vim.ComputeResourceEventArgument
    Host                 : VMware.Vim.HostEventArgument
    Vm                   : VMware.Vim.VmEventArgument
    Ds                   : 
    Net                  : 
    Dvs                  : 
    FullFormattedMessage : Created virtual machine <vmname> on <host> in <datacenter>
    ChangeTag            : 

     But what we can't work out is how to link the two - that is find a way to link the User reported int he OVA instantiation event to the VM created  by the vpxd account.

    Anyone have any clue as to how to do this?  Obviously matching vm creations that happen within a few seconds of OVA instantiation - but that's not going to be properly reliable if two get triggered at the same time. 

     

    Thanks

    Dave