
Log Intelligence – Presenting New Content Pack for VMware Cloud on AWS

In this blog, I will present the new content pack for Log Intelligence, “Audit Events for VMware Cloud on AWS”. It provides powerful insight into audit events generated in VMware Cloud on AWS SDDCs, allowing admins to audit, monitor and troubleshoot activity in their environment.

Value of Content Pack – Audit Events for VMware Cloud on AWS

It provides the following benefits:

| Use Case | Benefit |
| --- | --- |
| Security Auditing | Admins can view details of user activity in the SDDC deployed in VMWonAWS, such as successful logins/logouts and failed login attempts |
| Infrastructure Monitoring and Visibility | Admins can monitor and get visibility into events for the virtual machines deployed in the SDDC, such as creation, deletion, power on/off and unregistration. It can also list the unique VMs in the environment and help identify VMs experiencing high activity |
| Troubleshoot SDDC Connectivity Issues | Admins can view gateway policy creation and update events to triage connectivity issues |
| Alerts & Notifications | Admins can configure alerts and get notified of authentication events; proactive infrastructure visibility and monitoring |

How to enable the content pack

In the left navigation menu, navigate to Content Pack.

Click on the tile “VMware – Audit Events for VMware Cloud on AWS”.

You will be prompted to “Enable” the content pack.

Verify that it is successfully enabled.

What does the Content Pack Include?

Once the content pack is enabled, you will get out-of-the-box (OOTB) queries and alert definitions. Additionally, you can create Dashboard Charts for the queries to visualize and examine the logs.

OOTB Queries

The following OOTB queries are available when the content pack is enabled. They are divided into 3 categories.

| Sr. No | Category | Query | Description |
| --- | --- | --- | --- |
| 1 | User Activity | Audit Events for VMware Cloud on AWS \| User Session Bad Username | Displays login attempts with an invalid user name grouped by SDDC and source IP. |
| 2 | | Audit Events for VMware Cloud on AWS \| User Session Failed Login | Displays failed login attempts grouped by SDDC and source IP. |
| 3 | | Audit Events for VMware Cloud on AWS \| User Session Login | Displays user login events grouped by SDDC and source IP. |
| 4 | | Audit Events for VMware Cloud on AWS \| User Session Logout | Displays user logout events grouped by SDDC and source IP. |
| 5 | Virtual Machine Activity | Audit Events for VMware Cloud on AWS \| Virtual Machine Count by SDDC | Displays count of unique virtual machines for which events have been captured during the selected time frame. |
| 6 | | Audit Events for VMware Cloud on AWS \| Virtual Machine Created | Displays virtual machine creation and clone events grouped by SDDC and user. |
| 7 | | Audit Events for VMware Cloud on AWS \| Virtual Machine Deleted | Displays virtual machine delete events grouped by SDDC and user. |
| 8 | | Audit Events for VMware Cloud on AWS \| Virtual Machine Log Events | Event counts grouped by virtual machine. Use to identify VMs experiencing high activity and then drill down to details. |
| 9 | | Audit Events for VMware Cloud on AWS \| Virtual Machine Powered Off | Displays virtual machine power-off events grouped by SDDC and user. |
| 10 | | Audit Events for VMware Cloud on AWS \| Virtual Machine Powered On | Displays virtual machine power-on events grouped by SDDC and user. |
| 11 | | Audit Events for VMware Cloud on AWS \| Virtual Machine Unregistered | Displays virtual machine unregister events grouped by SDDC and user. |
| 12 | Gateway Policy Rules | Audit Events for VMware Cloud on AWS \| Gateway Policy Created/Updated | Displays gateway policy create and update events grouped by user. |

Alert Definitions

The following OOTB alert definitions are available when the content pack is enabled. They are divided into 3 categories.

| Sr. No | Category | Alert Definition | Description |
| --- | --- | --- | --- |
| 1 | User Activity | Audit Events for VMware Cloud on AWS \| User Session Bad Username | This alert will trigger when a login is attempted with an invalid username. |
| 2 | | Audit Events for VMware Cloud on AWS \| User Session Failed Login | This alert will trigger when a login attempt fails. |
| 3 | | Audit Events for VMware Cloud on AWS \| User Session Login | This alert will trigger when a user logs into the VMC SDDC environment. |
| 4 | | Audit Events for VMware Cloud on AWS \| User Session Logout | This alert will trigger when a user logs out of the VMC SDDC environment. |
| 5 | | Audit Events for VMware Cloud on AWS \| Virtual Machine Created | This alert will trigger when a new virtual machine is created or cloned. |
| 6 | | Audit Events for VMware Cloud on AWS \| Virtual Machine Deleted | This alert will trigger when a virtual machine is deleted. |
| 7 | | Audit Events for VMware Cloud on AWS \| Virtual Machine Powered Off | This alert will trigger when a virtual machine is powered off. |
| 8 | | Audit Events for VMware Cloud on AWS \| Virtual Machine Powered On | This alert will trigger when a virtual machine is powered on. |
| 9 | | Audit Events for VMware Cloud on AWS \| Virtual Machine Unregistered | This alert will trigger when a virtual machine is unregistered. |
| 10 | Gateway Policy Rules | Audit Events for VMware Cloud on AWS \| Gateway Policy Created/Updated | This alert will trigger when a VMWonAWS gateway policy is created or updated. |

Dashboard Chart

You can create Dashboard Widgets for the queries to visualize and examine the logs.

Navigate to Dashboard in the left navigation menu and click on Add Chart.

Search for the Audit Events Content Pack OOTB query and click it.

You should see the pop-up message “Chart successfully added to dashboard”.

Sample Dashboards

Here I have added all the OOTB queries into a Dashboard which will help you visualize the same

Conclusion

VMware Log Intelligence gives you unified visibility into VMware Cloud on AWS environments, which allows admins and application owners to perform troubleshooting and application monitoring along with security monitoring.

Getting Started with Log Intelligence

For a free trial, you can click here or reach out to your account team

To learn more about Log Intelligence please visit here



** This post was originally published on https://blogs.vmware.com/management/2019/07/log-intelligence-presenting-new-content-pack-for-vmware-cloud-on-aws.html **

 
