James Thew - Fotolia

What is enhanced logging and how does it boost vSphere security?

Logs have been an integral piece of troubleshooting. New enhanced logs boosts vSphere security by providing much more detail about errors and changes.

Security has become a final crucial battleground for virtualization technology. The problem isn't keeping VMs and data protected from other instances; operational VMs have never been successfully breached through the hypervisor. Rather, security has advanced to embrace the dynamics of virtualization that take place when VMs start and move.

Additional clarity in management and reporting also benefits VM security, especially when hundreds or even thousands of VMs are running across the enterprise. VMware introduces and improves on several important vSphere security features in version 6.5. Let's look beyond VM Encryption and VM secure boot, and consider one of the lesser-known new vSphere security features: enhanced logging.

What is enhanced or actionable logging in vSphere 6.5?

VMware introduces and improves on several important vSphere security features in version 6.5.

Logs are a vital part of systems management and troubleshooting, alerting administrators to errors or changes that take place within the environment. The challenge with traditional logs is that they often only report the event, omitting salient details surrounding the event. For example, a log might report that the configuration of a certain virtual machine has changed. That's important, and can quickly draw the attention of an administrator.

The problem is that logs typically don't report corresponding details like what states or settings have changed, what the original states or settings were, and who made the change. An administrator must still examine the affected resource and identify any changes or errors manually, making troubleshooting more frustrating and time-consuming than necessary. Even then, there is rarely any means of identifying the offending individual who made the change, leaving security weak.

VMware introduced the idea of enhanced logging as a new vSphere security feature. It's aimed to address these traditional log file shortcomings. VMware now handles vCenter events through syslog data which adds actionable details to the log entry without the need for verbose content.

Undesirable or inappropriate changes can be identified and corrected faster and with less guesswork. For example, if the amount of memory provisioned to a VM is changed, enhanced logging can detail the original memory amount and the new memory amount instead of just noting that VM's configuration has changed.

How well do you know new vSphere 6.5 features and upgrades?

Take this quiz to test your knowledge on the new vSphere 6.5 features as well as all of the other changes that came with the VMware's latest release of its core virtualization product.

As another example, moving a VM from one vSwitch to another will create a log entry showing the original and final result of that change, allowing an administrator to quickly identify any potential causes and assess possible performance or security consequences.

Enhanced logging in vSphere 6.5 also works in conjunction with tools like VMware Log Insight or other third-party log managers such as log analytics tools. The presence of additional log details can help organizations set up more granular or comprehensive alerts in log management tools, allowing for more proactive and effective support.

Next Steps

Troubleshooting vSphere Replication issues

What are the requirements for Fault Tolerance logging?

VMware vRealize Log Insight offers more than just central logging

Dig Deeper on VMware ESXi, vSphere and vCenter

Virtual Desktop
Data Center
Cloud Computing