1 min to read
Alert/Notification when a VM is added or removed from the Exclusion List in NSX for vSphere
Here is a quick approach to setting up a Log Insight alert to send out a notification when a VM is added/removed from the Exclusion List in NSX.
Below is the event you would expect in syslog (Log Insight in this case), along with a screenshot of the filter (from the NSX content pack in Log Insight) I used to locate it. I built a simple email alert notification using these two things.
The syslog event tells you the UserName that made the change to the exclusion list.
2019-04-04T19:56:20.048+11:00 nsx-manager.ultimate.local NSXV 6146 - [nsxv@6876 comp="nsx-manager" subcomp="manager"] [AuditLog] UserName:'vsphere.local\administrator', ModuleName:'APP_EXCLUDE_LIST', Operation:'MODIFY', Resource:'Global', Time:'Thu Apr 04 19:56:20.047 AEDT 2019', Status:'SUCCESS', Universal Object:'false
You can then look in the Network and Security tab in NSX and see what was changed in the Exclusion List. We can see here that vm-103 was removed.
You can quickly translate the vm object name to inventory name using the below PowerCLI one liner:
get-vm -Id VirtualMachine-vm-103