WilliamLam.com


Auditing detailed operations within VMware Cloud on AWS using the Activity Log API

06.29.2018 by William Lam

All operations (UI or API) that occur within VMware Cloud on AWS (VMC), including but not limited to SDDC creation, deletion, updates, network configurations, and user authorization/access, are captured as part of the Activity Log in the VMC Console. Within the Activity Log, customers can view the type of operation, the time the operation occurred, the applicable SDDC, and the user who performed the operation, and all of these fields can be filtered further.


The UI is great for quickly looking up changes; however, for customers who require audit-level logging, this may not be sufficient. This was actually a question that I had received from a customer who was interested in getting more details but also a way to send this information back to their on-premises environment for auditing purposes. Luckily, the Activity Log actually stores a lot more information than what is shown in the UI, and all of this data is available through the VMC API.

All entries are scoped within a VMC Organization and you can use the following APIs to retrieve all activities or a specific activity given the VMC Task Id:

  • GET /orgs/{org}/tasks - List all tasks for organization
  • GET /orgs/{org}/tasks/{task} - Get task details

PowerCLI

If you are a PowerShell/PowerCLI consumer (which is now supported on all platforms, including macOS and Linux), you can use the VMware.VMC PowerCLI module and the Get-VMCTask function. Below is a screenshot of the exact same task shown in the Activity Log UI, but as you can see, there are many more details, including any input parameters for a given request. In this example, I was creating a new Firewall Rule within the VMC Console and, as you can see, the specific firewall configuration is fully captured.

DCLI

If PowerCLI is not for you, we also have a multi-platform CLI called Datacenter CLI (DCLI) that lets you easily interact with the VMC API, among other vSphere APIs provided by the vCenter Server Appliance (VCSA) and VAMI interfaces. To list all tasks, you simply run the following:

dcli +vmc +skip +format json com vmware vmc orgs tasks list --org <INSERT ORGID> | python -m json.tool

Note: Piping the output to python is not a requirement, but if you happen to be on a system that has the Python runtime, you can make use of the JSON formatting option that is built in to make the output more readable as shown in the screenshot below:

cURL

In addition to other VMC SDKs, REST clients or programming/scripting languages that support RESTful APIs, you can also simply access the VMC API using good ol' cURL. Below is a quick snippet which takes your refresh token and the SDDC Org ID and lists all tasks; the output will be exactly the same as in the two examples above.

# Refresh token and VMC Org ID (quoted so the placeholders are not parsed as shell redirections)
REFRESH_TOKEN="<INSERT REFRESH TOKEN>"
ORGID="<INSERT ORGID>"

# Exchange the refresh token for an access token
AUTH_RESPONSE=$(curl -s -X POST "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize" -H "accept: application/json" -H "content-type: application/x-www-form-urlencoded" -d "refresh_token=$REFRESH_TOKEN")
ACCESS_TOKEN=$(echo "$AUTH_RESPONSE" | awk -F '"access_token":"' '{print $2}' | awk -F '","' '{print $1}')

# List all tasks for the Org and pretty-print the JSON
curl -s -X GET -H "Content-Type: application/json" "https://vmc.vmware.com/vmc/api/orgs/${ORGID}/tasks" -H "csp-auth-token: $ACCESS_TOKEN" | python -m json.tool
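
To feed the task list into an on-premises audit pipeline, the JSON returned by any of the three methods above can be flattened into one line per task and exported incrementally. The following is an added example, not code from the original post; the task field names (id, task_type, status, user_name, resource_type, resource_id, created, params), the sample values and the list of credential-like key names are assumptions.

```python
import json
from datetime import datetime

# Constructed sample of a task list response. Field names are assumptions
# (not shown on the page); task types, users and values are made up.
SAMPLE_TASKS = [
    {"id": "t-2", "task_type": "EXAMPLE-FIREWALL-RULE-CREATE", "status": "FINISHED",
     "user_name": "alice@example.com", "resource_type": "sddc", "resource_id": "sddc-1",
     "created": "2018-06-29T14:12:07.000Z",
     "params": {"rule": {"name": "allow-web", "action": "ALLOW"}}},
    {"id": "t-1", "task_type": "EXAMPLE-SDDC-UPDATE", "status": "FAILED",
     "user_name": "bob@example.com", "resource_type": "sddc", "resource_id": "sddc-1",
     "created": "2018-06-29T09:30:00.000Z",
     "params": {"account": {"name": "svc", "password": "hunter2"}}},
]

AUDIT_FIELDS = ("id", "task_type", "status", "user_name",
                "resource_type", "resource_id", "created")
SENSITIVE = ("password", "secret", "token")  # assumed credential-like key names

def parse_ts(value):
    # fromisoformat() only accepts a trailing "Z" on Python 3.11+
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def redact(obj):
    """Recursively mask values whose key name suggests a credential."""
    if isinstance(obj, dict):
        return {k: "***" if any(s in k.lower() for s in SENSITIVE) else redact(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj

def to_audit_lines(tasks, since=None):
    """Return (lines, checkpoint): one JSON line per task created after
    `since`, oldest first, plus the timestamp to pass as `since` next run."""
    fresh = sorted((t for t in tasks
                    if since is None or parse_ts(t["created"]) > since),
                   key=lambda t: parse_ts(t["created"]))
    lines = []
    for t in fresh:
        record = {f: t.get(f) for f in AUDIT_FIELDS}
        record["params"] = redact(t.get("params"))  # keep inputs, mask secrets
        lines.append(json.dumps(record, sort_keys=True))
    checkpoint = parse_ts(fresh[-1]["created"]) if fresh else since
    return lines, checkpoint

if __name__ == "__main__":
    for line in to_audit_lines(SAMPLE_TASKS)[0]:
        print(line)
```

Persist the returned checkpoint between runs and pass it back as `since` so each task is exported once.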

Lastly, if you prefer to easily search and perform more complex queries without having to consume the VMC API, I know there is some work being done to enable forwarding all events to the Log Intelligence service, which many customers are starting to leverage for logging SaaS-based applications, and VMC is another great use for the solution.
