10.2 Audit Logging
vCloud Director stores an activity log in the vCloud Director database. The last 30 days of relevant activity log data is available to tenants.
Use external syslog servers to redirect relevant logs for audit and troubleshooting purposes. vRealize Log Insight can be used because it is a scalable enterprise grade solution that can collect log data through traditional syslog protocols or through agents both from Linux and Windows systems. It provides built in dashboards for quick analytics of collected data for vSphere, vCloud Director, VMware NSX, SQL and other solutions.
Edge gateway logs can be collected either by a provider to a central syslog server (accessible through a vCloud Director external network (see Section
7.4.5,
vCloud Director Edge Gateways) or to a tenant syslog server.
The distributed firewall log is not accessible to tenants because the log is generated by the ESXi host enforcing the specific vNIC rule and sent to central ESXi configure syslog target. However, the tagging mechanism is available to filter logs of a particular tenant.