Using VMware vRealize Log Insight, you can view the security flow logs of the NSX-T Data Center 3.2 environment.  The following security features support flow logging:

• DFW micro-segmentation rules
• IDS/IPS
• Ransomware attacks

All the security verticals generate and save unified security flow logs in the Unified Security Logs format in a single log file on a node. This single log is exported to syslog server, which is configured for VMware vRealize Log Insight. VMware vRealize Log Insight will then process the logs to provide further log management, analysis, and display them by using NSX-T Security content pack.

Navigate to the Log Insight dashboards.

• Click the Log Insight icon (vRLI-Demo) from the desktop for auto sign-on (Active Directory login: demo1_nsxsecop).
• Click NSX Dashboards (1) -> Overview to view all security KPIs captured.

• Select the 2/1/2022 to current date as a time range, hit Refresh to update data:

Now you can view insights over this timeframe by selecting the respective dashboards in the left navigation pane.

NSX Security dashboard, including security audit logs:

NSX Micro-segmentation dashboard

NSX DFW Firewall rules dashboard

NSX IDPS dashboard