HowTo: vCenter alarm for root login

virtuallyGhetto has posted a detailed guide with scripts for monitoring superuser access to ESXi 5.0.

Now that we have identified the particular event we are interested in, we simply just create a new custom alarm that monitors for this event and ensure that “userName” property matches “root” as the user we are trying to alarm on. I wrote a vSphere SDK for Perl script called monitorUserLoginAlarm.pl that can be used to create an alarm on any particular user login.

The script requires only two parameters: alarmname (name of the vCenter alarm) and user (username to alarm on).

[…]

Note: The alarm action is currently to alert within vCenter, if you would like it to perform other operations such as sending an email or an SNMP trap, you can edit the alarm after it has been created by the script.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.