TestDrive

VMware Log Insight

Updated

The following section shows how VMware Log Insight helps view security flow logs of NSX-T DataCenter processes

1. VMware Log Insight for Deep Inspection Security Log

Using VMware vRealize Log Insight, you can view the security flow logs of the NSX-T Data Center 3.2 environment.  The following security features support flow logging:

  • DFW micro-segmentation rules
  • IDS/IPS
  • Ransomware attacks

All the security verticals generate and save unified security flow logs in the Unified Security Logs format in a single log file on a node. This single log is exported to syslog server, which is configured for VMware vRealize Log Insight. VMware vRealize Log Insight will then process the logs to provide further log management, analysis, and display them by using NSX-T Security content pack.

2. Log Insight dashboards

Navigate to the Log Insight dashboards.

  • Click the Log Insight icon (vRLI-Demo) from the desktop for auto sign-on (Active Directory login: demo1_nsxsecop).
  • Click NSX Dashboards (1) -> Overview to view all security KPIs captured.

3. Update data

  • Select the 2/1/2022 to current date as a time range, hit Refresh to update data:

Now you can view insights over this timeframe by selecting the respective dashboards in the left navigation pane.

4. NSX Security dashboard

NSX Security dashboard, including security audit logs:

5. NSX Micro-segmentation dashboard

NSX Micro-segmentation dashboard

6. NSX DFW Firewall rules dashboard

NSX DFW Firewall rules dashboard

7. NSX IDPS dashboard

NSX IDPS dashboard

Previous Article NSX-T Distributed Firewall
Next Article Conclusion and Support Information