VMware Aria Operations for Logs for NSX

Updated on

Inspecting Security Log

Using VMware Aria Operations for logs, you can view the security flow logs of the NSX Data Center 4.1 environment.  The following security features support flow logging:

  • DFW micro-segmentation rules
  • Ransomware attacks

All the security verticals generate and save unified security flow logs in the Unified Security Logs format in a single log file on a node. This single log is exported to syslog server, which is configured for VMware Aria Operations for logs. VMware Aria Operations for logs will then process the logs to provide further log management, analysis, and display them by using NSX Security content pack.

Log Insight Dashboards

Navigate to the Log Insight dashboards.

  • Click the Log Insight icon (vRLI-Demo) from the desktop for auto sign-on (Active Directory login: demo1_nsxsecop).
  • Click General Overview  (1) -> Overview to view all security KPIs captured.

VMware Aria Operations for logs with NSX Operations content pack provides the collection, consolidation and correlation of NSX log data. This content pack provides dashboards with information of distributed firewall, IDS/IPS rules, audit information and errors. NSX Security dashboard sort information based on user defined time intervals and the data is presented graphically for NSX admins to view the issues.