Banks, credit unions, insurance companies,
How to troubleshoot overwrites in change reports for VMWare
|Refer to the KB1844 for details about how VMWare auditing with Netwrix Auditor works.
Overwrites warnings occur because there is some gap between the last collected and the oldest of newly received events.
Try running collections more frequently by configuring a scheduled task trigger (in Netwrix Auditor 8.5 and older) or changing the notifications frequency under Monitoring Plan Settings (9.0 and newer).
If this doesn't help please perform the following steps to troubleshot this and localize the problematic place:
To download VMWare PowerCLI you need to register on the VMware website https://my.vmware.com/web/vmware/login,
Alternatively you can download them from our file service using this link
NOTE. We uploaded them just for the case you are unable to register at VMWare website
The VMWare PowerCLI documentation available here: https://www.vmware.com/support/developer/PowerCLI/
Connect-VIServer %ESXhostname% -User %username% -Password %Password%
Get-VIEvent -Entity * -Start (Get-Date).AddDays(-1) >> D:\%ESX_host_name%.txt
This command will export all available events for all VMs for the last 24 hours and save it to the D:\%ESX_host_name%.txt file
Having the files with events from every server involved into the VMWare data collection we will be able to see which server events are overwritten and probably why.