VMware Networking Community
SebastianGrugel
Hot Shot

Does NSX log rules to syslog if the rule is ALLOW?

My environment:

NSX 6.2.2

Syslog (some SUSE Linux VM)

We have many rules in NSX and unfortunately somebody at the beginning configured the "Default rule" as ANY ANY ALLOW, so the rules above don't make sense? If I understand correctly, all traffic is open?

Screenshot_3.png

Now we would like to fix this, and we would like to check what is passed by this "Default rule" before we configure it to BLOCK. We checked what is happening on syslog for this rule... and we don't have any events related to this rule... Is this normal?

Screenshot_4.png

Because different rules which we have as ALLOW are logged to SYSLOG:

Example - rule 3975

Screenshot_5.png

We use last

Screenshot_6.png

Please give some suggestions.

Thanks

Sebastian

vExpert VSAN/NSX/CLOUD | VCAP5-DCA | VCP6-DCV/CMA/NV ==> akademiadatacenter.pl
0 Kudos
1 Reply
rajeevsrikant
Expert

Can you ensure that you are not filtering any logs generated from ESXi to the syslog servers?

If logging is enabled, by default all the logs are written to the file "dfwpktlogs.log" on each ESXi host.

So if you have configured all the logs inside "dfwpktlogs.log" to be sent to syslog, and no logs match the rule ID 1002, then it is fine.

Also, I hope that the logs are not rotated on your syslog server and that you have the logs for at least a period of 3 months to confirm it.

0 Kudos
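
One way to run the check suggested in the reply, counting hits per rule ID and listing the distinct flows that matched rule 1002 before it is switched to BLOCK. This is an added example, not code from the thread or from VMware; the log line layout in the regex is an assumption about the dfwpktlogs format, and the sample lines, addresses and "domain-c7" are constructed.

```python
import re
from collections import Counter

# Assumed layout: ... INET match <ACTION> <domain>/<rule-id> <IN|OUT> <len> <PROTO> <src>-><dst>
# search() is used so a syslog header prepended by the collector does not matter.
LINE_RE = re.compile(
    r"\bINET6?\s+match\s+(?P<action>\w+)\s+\S+/(?P<rule>\d+)\s+"
    r"(?P<dir>IN|OUT)\s+\d+\s+(?P<proto>\S+)\s+(?P<src>[^\s>]+)->(?P<dst>\S+)"
)

# Constructed sample lines (not taken from the poster's environment).
SAMPLE = [
    "2016-05-10T08:14:02.101Z INET match PASS domain-c7/3975 IN 60 TCP 10.10.1.15/51522->10.10.2.20/443",
    "May 10 10:14:03 esx01 dfwpktlogs: 2016-05-10T08:14:03.440Z INET match PASS domain-c7/1002 IN 76 UDP 10.10.1.15/40112->10.10.9.9/123",
    "2016-05-10T08:14:09.912Z INET match PASS domain-c7/1002 IN 76 UDP 10.10.1.15/40377->10.10.9.9/123",
    "2016-05-10T08:15:11.007Z INET match PASS domain-c7/1002 OUT 84 ICMP 10.10.1.15->10.10.3.1",
    "May 10 10:15:12 esx01 vmkernel: unrelated message",
]

def parse(line):
    """Return a dict for a DFW packet log line, or None if the line is something else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["src_ip"] = rec.pop("src").partition("/")[0]
    dst_ip, _, dport = rec.pop("dst").partition("/")
    rec["dst_ip"], rec["dport"] = dst_ip, dport or None  # ICMP has no port
    return rec

def hits_per_rule(lines):
    """Count logged packets per rule ID; a rule missing here produced no log lines."""
    return Counter(r["rule"] for r in map(parse, lines) if r)

def flows_for_rule(lines, rule_id):
    """Distinct (proto, src, dst, dst port) flows for one rule; source ports are dropped."""
    flows = Counter()
    for r in map(parse, lines):
        if r and r["rule"] == rule_id:
            flows[(r["proto"], r["src_ip"], r["dst_ip"], r["dport"])] += 1
    return flows

if __name__ == "__main__":
    print("hits per rule:", dict(hits_per_rule(SAMPLE)))
    for flow, count in flows_for_rule(SAMPLE, "1002").most_common():
        print(count, flow)
```

To use it on real data, pass the lines of the collected dfwpktlogs file instead of SAMPLE. An empty result for rule 1002 is only meaningful if logging is enabled on that rule and the logs reach the syslog server unfiltered.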