folder with permissions in vc

hi,

if someone deletes user/group with permissions on say for
example a virtual machine folder....... which log file will this be recorded in?

is there anyway i can check who or when someone removed it?

thank you
LuiChenAsked:
Who is Participating?
 
coolsport00Commented:
If that doesn't show anything, log into vCenter and click on File -> Export -> Export System Logs and see if that shows anything.

~cooslport00
0
 
coolsport00Commented:
Check the Tasks/Events tab in vCenter.

~coolsport00
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
check the events in vcenter to see if anthing was recorded.

0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
otherwise you would have to inspect the logs on the vcenter server.
0
 
LuiChenAuthor Commented:
thanks for the fast replys:

i could not see anything in tasks and events.

i got logs already but dont know where exactly to search in them !

is it pointless trying to locate it ???

0
 
coolsport00Commented:
Well, the logs more than likely won't show it. I'm thinking it doesn't show that kind of info. I'm not sure of any other 3rd party utility that could give that info either if you were to implement in your infrastructure...

~coolsport00
0
 
coolsport00Commented:
If you open your logs, just do a 'search' for "remove" or "delete" or something like that, and maybe about the timeframe you think it happened.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
to be honest this could one of the audit trail holes which exists.

just check if any user ids are recorded in logs, quick search.

you may not find any record.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
without knowing the full events, you may be able to possibly suspect someone, but hard evidence may be difficult to prove.
0
 
LuiChenAuthor Commented:

well i might do a quick search again 2moro..!

thanks anyway
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
no problems, its one our many holes in vcenter management.
0
 
coolsport00Commented:
keep us posted if you find anything...
0
 
Danny McDanielClinical Systems AnalystCommented:
the tasks/events data drops off in the client after 24 hours or something like that.  The entries all go in the database, though, but I'm not sure if there's an easy way to view it.  There is a setting under Administration | vCenter Server settings | Database Retention Policy for how long to keep the entries in the db, too, so if someone has dropped that number down; the data could have already been dropped.

the tables are vpx_event and vpx_task so if you're comfortable with your db, you could view/query the tables directly and see if that gives you the information you want.
0
 
Danny McDanielClinical Systems AnalystCommented:
http://communities.vmware.com/thread/258967?tstart=0 has some talk about using PowerCLI to query for task info.
0
 
LuiChenAuthor Commented:
yeah,

file export system/user logs
or
query the db directly

didn't get chance to do it but they are probably the
easiest way!!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.