VMware NSX

  • 1.  How to log NSX firewall rules

    Posted Nov 10, 2020 02:57 AM

    Hi. We are running NSX-V v6.4.6 and would like to start logging certain Block rules. I see that if I turn on logging for a rule in the DFW, it will get logged on the hypervisor in /var/log/dfwpktlogs.log, but we don't want to go through all our hypervisors. How can I log this centrally? We do use Log Insight for NSX and I bet we need to. So when we stand that up, I assume we need to change all the hypervisors' syslog configuration to this? We have our NSX Manager going to another syslog box, but I guess we will change that to point to Log Insight as well. Thank you for clarification on this. Thanks.



  • 2.  RE: How to log NSX firewall rules

    Broadcom Employee
    Posted Nov 10, 2020 06:30 AM

    DFW logs are stored at /var/log/dfwpktlogs.log on each host; this is the reason we need a centralized syslog server for all hosts. As you already have Log Insight, you can easily do the integration with vCenter and it will inject the syslog configuration; you don't need to do it manually on each host.



  • 3.  RE: How to log NSX firewall rules

    Posted Nov 10, 2020 08:11 PM

    As a recommendation, I would point all hosts, vCenters, NSX Managers and VMware appliances to the Log Insight box.

    If you enable firewall logging and have Log Insight configured, the logs will appear over there.

    Hope that was useful