NSX Version: 6.4.5
Log Insight Version: 4.8
NSX Management Pack: 3.9
When I go to the NSX-vSphere Edge – Firewall dashboards all of them are blank. If I go to the interactive analysis section that drives each of these individual dashboards, the filters are looking for “vmw_nsx_edge_firewall_action”, which appears to be none.
If in that section, I remove that as a filter I have plenty of hits. The only vmw_nsx fields I can filter on is as follows:
An example of one of my entries is as follows:
Aug 9 11:54:45 ESG-0 firewall: DROP_131073IN= OUT=vNic_0 SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=126 ID=15402 DF PROTO=TCP SPT=53598 DST=9997 WINDOW=64240 RES=0x00 SYN URGP=0
I assume the “DROP_” portion of the log message should be the “vmw_nsx_edge_firewall_action” piece but doesn’t seem to show up in a filter. Is it possible the format of the log message was changed in NSX 6.4.5?