The following section shows how VMware Log Insight helps you view the security flow logs of NSX-T Data Center processes.
1. VMware Log Insight for Deep Inspection Security Log
Using VMware vRealize Log Insight, you can view the security flow logs of the NSX-T Data Center 3.2 environment. The following security features support flow logging:
- DFW micro-segmentation rules
- Ransomware attacks
All the security verticals generate and save unified security flow logs in the Unified Security Logs format in a single log file on a node. This single log is exported to a syslog server, which is configured for VMware vRealize Log Insight. VMware vRealize Log Insight then processes the logs to provide further log management and analysis, and displays them by using the NSX-T Security content pack.
2. Log Insight dashboards
Navigate to the Log Insight dashboards.
- Click the Log Insight icon (vRLI-Demo) from the desktop for auto sign-on (Active Directory login: demo1_nsxsecop).
- Click NSX Dashboards (1) -> Overview to view all security KPIs captured.
3. Update data
- Select 2/1/2022 to the current date as the time range, then click Refresh to update the data.
Now you can view insights over this timeframe by selecting the respective dashboards in the left navigation pane.