Hi, im new on nsxt and i have question regarding nsxt firewall logs.
Currently weusing nsxt 2.4 on ourtest enviornment with esxi 6.7.
We set the log features enable on nsxt manager but it seem to logs are written on esxi host atleast 5 minutes or more later firewall rules are triggered.
Is nsxt acting normal or can it be mis configuration or kind of well known bug?
if the rules are like many this is something expected, in the other hand try to live log with tail -f var/log/vmkernel.log and check there also check in the controller logs of in the ESXi host try yo cath the DFW rules applied on a specific VM with summarize-dvfilter command check on this link https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.3/nsxt_23_troubleshoot.pdf page 34
in short, look if rules are painted there and if you see your tag(label you put on the rule not tag from security tag) on logs as well.
hope this helps