I have found that illegal access logs for Nexus VDCs are all on the Admin context logs and no logs appear on each VDC, like the one below: Authentication failure for illegal user cisco from 10.230.250.40 - sshd[20191 i.e if user tried to access the ...