Enthusiast
Enthusiast

How to log NSX firewall rules

Hi. We are running NSX-V v6.4.6 and would like to start logging some certain Block rules. I see that if I turn on logging for a rule in the DFW it will get logged on the hypervisor in /var/log/dfwpktlogs.log but we dont want to go through all our hypervisors. How can I log this centrally? We do use Log Insight for NSX and I bet we need to. So when we stand that up I assume we need to change all the hypervisors Syslog configuration to this? We have our NSX Manager going to another syslog box, but I guess we will change that to point to Log Insight as well. Thank you for clarification on this. Thanks,,,

0 Kudos
2 Replies
VMware Employee
VMware Employee

DFW logs are stored at /var/log/dfwpktlogs.log on each host, this is the reason we need centralized syslog server for all hosts . As you already have loginsight you can easily do the integration with vCenter and it will inject the syslog configuration, you don't need to do it manually on each host. 

Cheers,
Sree | CKA|CKAD|VCIX-3X| VCAP-4X| VExpert 4x
0 Kudos

As aa recommendation, I would point all hosts, vCenters, NSX Managers and VMware applianes to the Log Insight box.

If you enable firewall logging and have Log Insight configured the logs will appear over there.

Hope that was useful

0 Kudos