AcuteSys
Contributor
Contributor

vShield Edge Firewall Rule Logs

I am testing out vShield Edge Firewall and would like to be able and see traffic being blocked or accepted. Where are the firewall logs that will show me this traffic for an individual edge appliance?

Can it be done through the CLI or Web UI?

0 Kudos
3 Replies
amatt240
Enthusiast
Enthusiast

You can point your vShield Edge to a Syslog server such as Splunk, then if there is a rule you wish to log (usually only the default "Block" rule) then you can go to the firewall, add the "Log" column, then go to the bottom rule and change it to "log". Also the "Statistics" column can give you some information.

I highly recommend also using "vShield App" on your hosts; that will give you "Flow Monitor" and is very useful for troubleshooting traffic for networks.

Texiwill
Leadership
Leadership

Hello,

The best way is to direct your vCNS Edge/App to syslog, however you can also get the same information from the CLI once you login and enable. You can use 'show log' per http://www.vmware.com/pdf/vshield_51_cli.pdf

Best regards,

Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011,2012,2013,2014

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2022,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
AcuteSys
Contributor
Contributor

Thanks guys for the suggestions, I ended up utilizing VMware Log Insight for this, but a little disappointed in the vShield product for not including this very basic and almost "Standard" feature for a firewall/router in my opinion.

I did use some of the CLI commands to monitor traffic as well as you suggested Texiwill.

0 Kudos