VMware Networking Community
vmmedmed
Enthusiast
Enthusiast
‎03-26-2017 03:15 PM

VMW Log insight using /var/log/vsfwd.log?

Is log insight displaying the records in vsfwd.log? Or is that tool pointing to something else? TY

Tags (1)
0 Kudos
4 Replies
bayupw
Leadership
Leadership
‎03-26-2017 06:01 PM

Hi, are you looking for DFW message bus user world logs?

The logs are in ESXi host /var/log/vsfwd.log.

If you configure ESXi host to forward its logs to external syslog such as vRealize Log Insight, you should be able to see the logs in the syslog system

Here are some references on configuring syslog on ESXi hosts

Configuring syslog on ESXi (2003322) | VMware KB

Configure Syslog on ESXi Hosts

If you are interested in DFW rule or packet logs, you are looking for /var/log/dfwpktlogs.log

Similar to vsfwd.log, this logs are inside ESXi host and you can forward this to external syslog by configuring syslog on your ESXi hosts

Make sure to Enable logging for the rule(s)

See this documentation Firewall Logs

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
vmmedmed
Enthusiast
Enthusiast
‎03-26-2017 06:25 PM

Thanks again. From the doc you sent over I think /var/log/dfwpktlogs.log. is the

file I was really seeking. One detail I don't see is if logging for a particular NSX edge firewall

is different from the firewall found in Networking and Security/Firewall. Do you know if

both send pass/drops to /var/log/dfwpktlogs.log - or just the latter?

0 Kudos
bayupw
Leadership
Leadership
‎03-26-2017 06:41 PM

dfwktlogs are logs for DFW and you can enable log on rules with any Action whether it is Allow or Block.

Edge firewall is on NSX Edge and if you want this to be forwarded to external syslog, you will need to configure syslog on the NSX Edge.

See this document: Configure Syslog Servers for NSX Edge

Similar to DFW, you will need to specify which rule you want to log.

See this document: Add an NSX Edge Firewall Rule

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
vmmedmed
Enthusiast
Enthusiast
‎03-26-2017 07:09 PM

Very helpful - thank you.    

0 Kudos