In this blog post, I will walk through the key capabilities of Log Intelligence that help customers gain operational insight into their VMware Cloud on AWS environment.
VMware Cloud on AWS Service Overview
VMware Cloud on AWS brings VMware enterprise-class Software-Defined Data Center (SDDC) software to the AWS Cloud. It enables customers to run production across private, public & hybrid cloud environments based on VMware vSphere®, with optimized access to AWS services.
VMware Log Intelligence Service Overview
VMware Log Intelligence offers unified visibility across private clouds and AWS, including VMware Cloud on AWS, to provide deep operational insights and faster root cause analysis. It adds structure to unstructured log data, provides rich dashboards, and delivers innovative indexing and machine-learning-based intelligent grouping for faster troubleshooting.
Key Capabilities of Log Intelligence for VMware Cloud on AWS
Log Intelligence is deeply integrated with the VMware Cloud on AWS infrastructure, which makes it the only logging solution that provides visibility into VMware Cloud on AWS SDDC(s).
The following sections detail the capabilities that Log Intelligence offers.
Audit and NSX-T firewall Log Data
By default, audit logs are collected in Log Intelligence for all the SDDCs deployed in VMware Cloud on AWS. For the NSX-T firewall, it is a matter of enabling it in the Log Intelligence UI; admins will then automatically start seeing firewall logs, allowing them to audit, monitor and troubleshoot the VMC environment.
This is a unique capability of Log Intelligence.
VMware Cloud on AWS Content Pack
This content pack provides powerful insights into the NSX-T firewall rules and packet traffic rules created in VMware Cloud on AWS, along with audit details, allowing administrators to audit, monitor and troubleshoot the behavior of configured rules in their VMware Cloud on AWS environment.
Once enabled, you get queries and alert definitions that you can use.
Queries
Alert Definitions
You can save the queries on the Shared or Private Dashboards or enable Alert Definitions to send email/webhook notifications.
Dashboards
Here I have saved 2 queries on a Shared Dashboard so that all users can view them.
Alerts and Notifications
Once enabled, you can view recent alerts on the Home Page and, if configured, you can get an email or webhook notification. Here I have sent a webhook to Slack.
Recent Alerts
Email Notification
Webhook Notification on Slack
Forward log events from Log Intelligence to other endpoints
Log Intelligence allows you to forward logs to other endpoints. You can forward all VMC logs or use filters to forward specific logs.
Currently, it supports the following endpoints:
- On-Prem vRealize Log Insight
- On-Prem Syslog Server using TCP
- On-Prem Syslog Server using UDP
- On-Prem Splunk
- On-Prem Default – Authenticated HTTPS endpoint
- Splunk Cloud Endpoint
- Authenticated Cloud endpoint over HTTPS
Note – Any on-prem endpoint needs a Cloud Proxy deployed in your environment, which Log Intelligence communicates with to forward logs.
For detailed steps on how to configure log forwarding, please refer to the documentation here.
Export Log Events
You can export the results of a log query to share them with other systems, or forward them to your support contact.
Conclusion
Log Intelligence provides real-time visibility into the VMware Cloud on AWS SDDC environment via audit logs. Firewall logs allow customers to log packets for specific firewall rules to accelerate troubleshooting and maintain security.
Getting Started
For a free trial, you can click here or reach out to your account team.
To learn more about Log Intelligence, click here.