
VMware Cloud on AWS Infrastructure Visibility using Log Intelligence

In this blog post, I will demonstrate the key capabilities of Log Intelligence that help customers gain operational insights into their VMware Cloud on AWS environment.

VMware Cloud on AWS Service Overview

VMware Cloud on AWS brings VMware enterprise-class Software-Defined Data Center (SDDC) software to the AWS Cloud. It enables customers to run production across private, public & hybrid cloud environments based on VMware vSphere®, with optimized access to AWS services.

 

VMware Log Intelligence Service Overview

VMware Log Intelligence offers unified visibility across private clouds and AWS, including VMware Cloud on AWS, to provide deep operational insights and faster root cause analysis. It adds structure to unstructured log data, provides rich dashboards, and delivers innovative indexing and machine-learning-based intelligent grouping for faster troubleshooting.


Key Capabilities of Log Intelligence for VMware Cloud on AWS

Log Intelligence is deeply integrated with the VMware Cloud on AWS infrastructure, which makes it the only logging solution that provides visibility into VMware Cloud on AWS SDDCs.


The following sections detail the capabilities that Log Intelligence offers.

Audit and NSX-T firewall Log Data

By default, audit logs are collected in Log Intelligence for all the SDDCs deployed in VMware Cloud on AWS. For the NSX-T firewall, it is a matter of enabling it in the Log Intelligence UI, and admins will automatically start seeing firewall logs, allowing them to audit, monitor and troubleshoot the VMC environment.

This is a unique capability of Log Intelligence.

VMware Cloud on AWS Content Pack

This content pack provides powerful insights into the NSX-T firewall rules and packet traffic rules created in VMware Cloud on AWS, along with audit details, allowing administrators to audit, monitor and troubleshoot the behavior of configured rules in their VMware Cloud on AWS environment.

Once enabled, you get queries and alert definitions that you can use.

Queries

Alert Definitions

You can save the queries on the Shared or Private Dashboards or enable Alert Definitions to send email/webhook notifications.

 

Dashboards

Here I have saved 2 queries on a Shared Dashboard so that all users can view them.

Alerts and Notifications

Once enabled, you can view recent alerts on the Home Page and, if configured, get an email or webhook notification. Here I have sent a webhook to Slack.

Recent Alerts

Email Notification

Webhook Notification on Slack

 

Forward log events from Log Intelligence to other endpoints

Log Intelligence allows you to forward logs to other endpoints. You can forward all VMC logs or use filters to forward specific logs.

Currently, it supports the following endpoints:

  • On-Prem vRealize Log Insight
  • On-Prem Syslog Server using TCP
  • On-Prem Syslog Server using UDP
  • On-Prem Splunk
  • On-Prem Default – Authenticated HTTPS endpoint
  • Splunk Cloud Endpoint
  • Authenticated Cloud endpoint over HTTPS

Note – Any on-prem endpoint requires a Cloud Proxy deployed in your environment, which Log Intelligence communicates with to forward logs.

 

 

For detailed steps on how to configure log forwarding, please refer to the documentation here.

Export Log Events

 

You can export the results of a log query to share them with other systems, or forward them to your support contact.

 

 

Conclusion

Log Intelligence provides real-time visibility into the VMware Cloud on AWS SDDC environment via audit logs. Firewall logs allow customers to log packets for specific firewall rules to accelerate troubleshooting and maintain security.

Getting Started

 

For a free trial, you can click here or reach out to your account team.

To learn more about Log Intelligence click here.