View and Export Audit Logs

Audit logs capture administrative actions carried out in the system. These actions are regular CRUD operations, and login/logout alerts. The audit logs capture the actions from the API, the user interface, and the CLI.
  • The audit log feature is always on.
  • VMware Aria Operations for Networks
    supports the UTC format in the audit logs.
  • The audit log is integrated with the syslog. You can configure the syslog collector to collect all the audit logs.
  • You can export all the audit log data in a CSV file.
Currently, the following administrative actions are not captured in audit logs:
  • SSH login logs. You can find the SSH logs in
    /var/log/auth.log
    .
  • Changes in Physical IP and DNS Mapping.
  • Changes in Physical Subnets and VLANS.
  1. Go to
    Settings
    Logs
    Audit Logs
    .
  2. The following details are shown on the
    Audit Logs
    page:
    Information
    Description
    Date & Time
    Timestamp of the actual action performed.
    IP Address
    IP address of the client from which the connection is established such as the CLI or the browser.
    User Name
    User who is performing the action.
    Object Type
    Object on which the action is being performed.
    Operation
    Different actions that the user performs on the object.
    Object Identifier
    Unique identifier for that particular object on which the action is being performed.
    Response
    Indicator for success or failure of the operation
    Details
    Details of the settings that have been changed such as the nickname or a property.
  3. To allow the collection of information when the user logs in through a browser or CLI, enable
    Allow collection of Personally Identifiable Information
    . This option is deactivated by default.
    The
    IP Address
    and the
    User Name
    columns are blank if this option is deactivated.
  4. Click
    Export as CSV
    to export the audit log data in the CSV format.