Monitor Domain Admins Using VMware Log Insight

I had a customer asking me yesterday, if it was possible to use Log Insight, to monitor changes done to the Domain Admins group.

An interesting use case, that i had not thought of before.
The answer is off course yes, so i thought i would write a small post about it.

The first thing I did, was to create a new user, with an easy search name.
So i created the user : liuser (as a name - not only logon name).

Then I added the user to the groups Domain Admins, and went to interactive analytics in Log Insight and did a search for liuser.

I then went to events, and clicked on show all lines, on the top event.

To make sure i only got the right details, i then marked the lines that i thought would narrow my search, and selected “contains=……” 

I ended up with 2 filters in my search.

If it turns out, that it’s not enough, then i can always go back and modify my search.

Now all there is left, is to decide, if i want to show this as a widget, or get an alert everything this event happens.

Hope this gave some inspiration on what you can use Log Insight for. It suddenly did for me.

Related Posts

• Cloud Management Experience Day
• Data collection Catalog Item in VRA
• VMware Lifecycle Manager - The first tool to install