Contributor

How to analyze syslogs of DFW firewalls?

Can anyone please specify the TCP flags used by the DFW firewall?

Also, please let me know how to analyze syslogs of DFW firewalls.

I tried to find details but didn't find any.

I am having an issue in which I am getting a TERM action log and the FIN flag is displayed in the logs. I tried to find blogs and documents explaining the action and how to analyze the logs, but no luck.

I also see SEM listed in the initial traffic logs along with the PASS action for the flow; the later action I can see is TERM with the FIN flag.

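As an added illustration of the kind of analysis the question is asking about (this is example code, not from the original thread or from VMware, and the log line layout below is a constructed, simplified one, not NSX's real DFW syslog format), the script parses PASS/TERM/DROP records carrying TCP flags, groups them into flows by protocol and endpoints, and classifies each flow's lifecycle. In this model a TERM record carrying FIN is read as a normal close of a previously PASSed flow, while TERM with RST marks a reset and a first record lacking SYN marks a flow whose handshake was never logged; the field names and the classification rules are assumptions of the example.

```python
import re
from collections import OrderedDict

# Constructed sample lines in a hypothetical, simplified firewall log layout
# (NOT NSX's real dfwpktlogs format):
#   <timestamp> dfw <ACTION> <rule-id> <proto> <src>-><dst> <tcp-flags>
SAMPLE_LOG = """\
2024-01-01T10:00:00Z dfw PASS 1001 TCP 10.0.0.5:51234->10.0.1.9:443 SYN
2024-01-01T10:00:00Z dfw PASS 1001 TCP 10.0.0.5:51235->10.0.1.9:443 SYN
2024-01-01T10:00:03Z dfw TERM 1001 TCP 10.0.0.5:51234->10.0.1.9:443 FIN
2024-01-01T10:00:04Z dfw TERM 1001 TCP 10.0.0.5:51235->10.0.1.9:443 RST
2024-01-01T10:00:05Z dfw DROP 1002 TCP 10.0.0.7:40000->10.0.1.9:22 SYN
2024-01-01T10:00:06Z dfw PASS 1003 TCP 10.0.0.8:40001->10.0.1.9:80 ACK
"""

# Regex for the constructed layout above; flags may be comma-separated (e.g. "SYN,ACK").
LINE_RE = re.compile(
    r"^(?P<ts>\S+) dfw (?P<action>PASS|TERM|DROP) (?P<rule>\d+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+:\d+)->(?P<dst>[\d.]+:\d+) (?P<flags>[A-Z,]+)$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize_flows(log_text):
    """Group records by (proto, src, dst) and classify each flow's lifecycle.

    Classification rules (assumptions of this example, not NSX semantics):
      'blocked'         first record is DROP
      'mid-stream'      first PASS carries no SYN (handshake never logged)
      'graceful-close'  PASS followed by TERM carrying FIN
      'reset'           PASS followed by TERM carrying RST
      'terminated'      TERM without FIN or RST
      'open'            PASS seen, no TERM yet
    """
    flows = OrderedDict()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than abort the whole run
        key = (rec["proto"], rec["src"], rec["dst"])
        flows.setdefault(key, []).append(rec)

    summary = {}
    for key, recs in flows.items():
        first, last = recs[0], recs[-1]
        first_flags = first["flags"].split(",")
        last_flags = last["flags"].split(",")
        if first["action"] == "DROP":
            state = "blocked"
        elif "SYN" not in first_flags:
            state = "mid-stream"
        elif last["action"] == "TERM":
            if "FIN" in last_flags:
                state = "graceful-close"
            elif "RST" in last_flags:
                state = "reset"
            else:
                state = "terminated"
        else:
            state = "open"
        summary[key] = {"rule": first["rule"], "state": state, "records": len(recs)}
    return summary


if __name__ == "__main__":
    for (proto, src, dst), info in summarize_flows(SAMPLE_LOG).items():
        print(f"{proto} {src} -> {dst}: rule {info['rule']}, "
              f"{info['state']} ({info['records']} records)")
```

Run against a real export, the useful signals are the ratio of graceful closes to resets per rule (a sudden rise in resets or mid-stream flows for one rule usually means a log gap or a rule change rather than an attack) and any flow that stays open with no TERM record long after its peers have closed.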
VMware Employee

I'm unsure what tool you are using for syslog? Ideally, for such deep-level inspection you need an IPFIX/NetFlow collector, and it will easily fetch it.

Cheers,
Sree | CKA|CKAD|VCIX-3X| VCAP-4X| VExpert 4x

Hello,

I recommend using vRNI for network visibility and flows.

And vRLI to check the logs of DFW rules, especially with the "Interactive Analysis".


Cheers,
vExpert2020-2019||vExpert-NSX2020||VCIX6-NV||VCAP-NV-DCV||VCP-NV-DC-CMA||CCNA-R&S
Twitter: @KakHassan
LinkedIn: linkedin.com/in/hassanalkak
Contributor

I am using Log Insight.

NSX forwards logs to Log Insight.

I want to understand the format of the logs and how to analyze the logs for DFW.

Contributor

I am using Interactive Analysis from the Log Insight tool.

Is there any KB or document which has all the log interpretation meanings or explanations?


Check the following: Using vRealize Log Insight to manage and review NSX Distributed Firewall rules


Cheers,
vExpert2020-2019||vExpert-NSX2020||VCIX6-NV||VCAP-NV-DCV||VCP-NV-DC-CMA||CCNA-R&S
Twitter: @KakHassan
LinkedIn: linkedin.com/in/hassanalkak