Distributed Firewall Logs in NSX 6.1

jlagrand · ‎04-30-2015

Hello

In NSX 6.1 the DFW are no longer in the vmkernel.log but on dfwpktlogs.log.

How can we forward logs included in dfwpktlogs.log to a remote server ?

It does not work with the standard remote server log configuration on the Advance setting on the host.

Johan

NealeC · ‎06-22-2015

Hi Johan,

What is the existing syslog config on your esxi host(s)?

esxcli system syslog config get

Also the log flag is enabled on a per-rule basis.

Are you seeing nothing in dfwpktlogs.log or just that the dfwpktlogs.log is not pushed to your configured syslog server?

Chris

-------------- If you found this or any other answer useful please consider the use of the Helpful or Correct buttons to award points. Chris Neale VCIX6-NV;vExpert2014-17;VCP6-NV;VCP5-DCV;VCP4;VCA-NV;VCA-DCV;VTSP2015;VTSP5;VTSP4 http://www.chrisneale.org http://www.twitter.com/mrcneale

azharsoomro · ‎06-30-2015

Hi Johan,

These logs are stored in /var/log/dfwpktlogs.log file on each ESXi host. These logs can then be pushed over to the configured remote syslog receivers. The standard esxcli commands available on the ESXi host can be use to configure for remote syslog servers. Please note we are talking about Rule Messages logs. There are two other DFW logs also, System Event and Audit Messages.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200332...

Thanks

Azhar

All

Distributed Firewall Logs in NSX 6.1