In this blog I will demonstrate the capability of Log Intelligence to provide unified visibility into VMware Cloud on AWS NSX-T network packet logs.
Benefits / Use Case
The following are the benefits and applicable use cases of Log Intelligence:
Benefit | How | Use Case
Monitor Logical Network (Segments) | Logs are automatically forwarded to the Log Intelligence service when a logical network is created, changed or deleted in VMC | Troubleshooting: assists in troubleshooting any network issue caused by a network change, and also lets you keep the number of networks created in the cloud in check
Monitor Firewall Rules | If enabled from the VMC Console, logs are saved in the Log Intelligence service when a firewall rule is created, changed or deleted in VMC. This applies to both the Gateway (Compute & Management) and the Distributed firewall | Security Monitoring: firewall and NAT rules are a critical feature that keeps the SDDC secure; with these logs you can maintain the security of the SDDC
Monitor NAT rules | Logs are automatically forwarded to the Log Intelligence service when a NAT rule is created, changed or deleted in VMC | Application Monitoring: analyze traffic sources and destinations for the application
How to enable logging for firewall rule(s)
By default, firewall rule logs are not forwarded to the Log Intelligence service; you need to enable this from the VMware Cloud on AWS console.
The following sections describe how to do so.
Management Gateway Firewall Rule
In the Networking & Security tab of the SDDC, navigate to Gateway Firewall under the Security section, select Management Gateway and click Add New. Specify the details of the rule and click Enabled to turn on logging. You will notice a small information note which states:
“Enabled Logging for one or more rules. Logs will be saved in Log Intelligence Service”
Compute Gateway Firewall Rule
In the Networking & Security tab of the SDDC, navigate to Gateway Firewall under the Security section, select Compute Gateway and click Add New. Specify the details of the rule and click Enabled to turn on logging. You will notice a small information note which states:
“Enabled Logging for one or more rules. Logs will be saved in Log Intelligence Service”
Distributed Firewall Rule
In the Networking & Security tab of the SDDC, navigate to Distributed Firewall under the Security section, select your preferred section and click Add New. Specify the details of the rule and click Enabled to turn on logging. You will notice a small information note which states:
“Enabled Logging for one or more rules. Logs will be saved in Log Intelligence Service”
NSX-T for VMware Cloud on AWS – Content Pack
Log Intelligence makes this simple by providing an out-of-the-box (OOTB) content pack for NSX-T for VMware Cloud on AWS. This content pack provides insights into the NSX-T firewall rules and packet traffic rules created in VMware Cloud on AWS, along with audit details, allowing administrators to audit, monitor and troubleshoot the behavior of the configured rules in their VMware Cloud on AWS environment.
Procedure to enable/disable content pack
Navigate to the Content Pack menu to enable or disable the content pack.
Once it is enabled you get OOTB queries and alert definitions, which allow you to be notified via email or webhook.
Sample Log Messages from the OOTB Content Pack
NSX-T for VMware Cloud on AWS | Logical Network Created
NSX-T for VMware Cloud on AWS | Logical Network Deleted
NSX-T for VMware Cloud on AWS | Virtual Machine Created
NSX-T for VMware Cloud on AWS | Virtual Machine Removed
NSX-T for VMware Cloud on AWS | Distributed Firewall Rule Created
NSX-T for VMware Cloud on AWS | Distributed Firewall Rule Changed
NSX-T for VMware Cloud on AWS | NAT Rule Created
NSX-T for VMware Cloud on AWS | NAT Rule Deleted
Sample Alerts
The following are some alerts that were triggered by the NSX-T for VMware Cloud on AWS OOTB alert definitions.
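As an added example (not code from VMware, the content pack or the original post), the snippet below shows the shape of the alerting and audit logic the content pack gives you out of the box: it evaluates simple alert definitions, keyed on the event names listed above, over a constructed batch of audit events, reconstructs a per-object change trail for troubleshooting, and builds the body a webhook notification would carry. The event record layout (event, object, user fields) and the alert groupings are assumptions for illustration, not the content pack's real field names.

```python
"""Added example: alert evaluation and audit trail over constructed VMC NSX-T
audit events. Record layout and alert groupings are assumptions, not the
content pack's actual schema."""
import json
from collections import Counter, defaultdict

# Constructed sample events; the event names mirror the page's OOTB log message titles.
SAMPLE_EVENTS = [
    {"event": "Logical Network Created", "object": "segment-app-tier", "user": "admin"},
    {"event": "Distributed Firewall Rule Created", "object": "allow-web-to-db", "user": "netops"},
    {"event": "Distributed Firewall Rule Changed", "object": "allow-web-to-db", "user": "netops"},
    {"event": "NAT Rule Created", "object": "dnat-web-80", "user": "netops"},
    {"event": "NAT Rule Deleted", "object": "dnat-web-80", "user": "contractor"},
    {"event": "Virtual Machine Created", "object": "web-01", "user": "devops"},
    {"event": "Logical Network Deleted", "object": "segment-app-tier", "user": "contractor"},
]

# Assumed alert definitions: which events feed each use case from the benefits table.
ALERT_DEFINITIONS = {
    "security_monitoring": {"Distributed Firewall Rule Created", "Distributed Firewall Rule Changed",
                            "NAT Rule Created", "NAT Rule Deleted"},
    "troubleshooting": {"Logical Network Created", "Logical Network Deleted"},
}

def evaluate_alerts(events):
    """Return one alert per event that matches an alert definition, tagged with its use case."""
    return [{"use_case": use_case, **ev}
            for ev in events
            for use_case, names in ALERT_DEFINITIONS.items()
            if ev["event"] in names]

def summarize(alerts):
    """Count alerts per use case, as a dashboard widget or a digest email would."""
    return dict(Counter(a["use_case"] for a in alerts))

def audit_trail(events):
    """Group events by object so the lifecycle of a rule or segment can be replayed in order."""
    trail = defaultdict(list)
    for ev in events:
        trail[ev["object"]].append((ev["event"], ev["user"]))
    return dict(trail)

def webhook_payload(alert):
    """Build the JSON body of a webhook notification (assumed shape), titled like the content pack."""
    return json.dumps({"title": f"NSX-T for VMware Cloud on AWS | {alert['event']}",
                       "object": alert["object"], "user": alert["user"],
                       "use_case": alert["use_case"]}, sort_keys=True)

if __name__ == "__main__":
    for alert in evaluate_alerts(SAMPLE_EVENTS):
        print(webhook_payload(alert))
    print(summarize(evaluate_alerts(SAMPLE_EVENTS)))
    print(audit_trail(SAMPLE_EVENTS)["dnat-web-80"])
```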
Conclusion
VMware Log Intelligence gives you unified visibility into VMware Cloud on AWS NSX-T network packet logs, which allows admins and application owners to carry out troubleshooting and application monitoring along with security monitoring.
Getting Started with Log Intelligence
For a free trial, you can click here or reach out to your account team.
To learn more about Log Intelligence, please visit here.