In this blog I will demonstrate the Log Intelligence capability that provides unified visibility into VMware Cloud on AWS NSX-T network packet logs.

Benefits / Use Case

The following are the benefits of Log Intelligence and the use cases each one applies to. The original table had three columns (Benefit, How, Use Case); it is laid out here row by row.

Benefit: Monitor Logical Networks (Segments)
How: Logs are automatically forwarded to the Log Intelligence service when a logical network is created, changed or deleted in VMC.
Use case (Troubleshooting): Assists in troubleshooting network issues caused by a network change, and lets you keep track of the number of networks created in the cloud.

Benefit: Monitor Firewall Rules
How: If logging is enabled from the VMC Console, logs are saved in the Log Intelligence service when a firewall rule is created, changed or deleted in VMC. This applies to both the Gateway firewalls (Compute and Management) and the Distributed Firewall.
Use case (Security Monitoring): Firewall and NAT rules are the critical controls that keep the SDDC secure. Auditing every change to them is how you maintain the security posture of the SDDC.

Benefit: Monitor NAT Rules
How: Logs are automatically forwarded to the Log Intelligence service when a NAT rule is created, changed or deleted in VMC.
Use case (Application Monitoring): Analyze traffic sources and destinations for the application, and confirm which rules the application's traffic actually matches.
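The two use cases in the table, Application Monitoring (which sources reach which destinations under which rule) and Security Monitoring (which sources keep getting dropped), can be answered from the forwarded packet logs. The following is an added example written for this post, not code from the original post, from VMware or from the content pack. The log lines are constructed for the example, and the field order after "INET match" (action, rule id, direction, length, protocol, src/sport->dst/dport, flags) is an assumption loosely modelled on the NSX-T distributed firewall packet-log layout; adjust the regex to the fields you actually see in Log Intelligence.

```python
"""Analyze NSX-T style distributed firewall packet logs for two questions:
which rules an application actually hits and where its traffic goes
(Application Monitoring), and which sources are being dropped on several
ports (Security Monitoring)."""
import re
from collections import Counter, defaultdict

# Constructed sample lines, NOT real VMC output. The layout after
# "INET match" is an assumption modelled on the NSX-T DFW packet log.
SAMPLE_LOGS = """\
2020-03-10T10:00:01.000Z esx-01 NSX 1234 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip"] INET match PASS 1031 OUT 60 TCP 192.168.10.5/51234->10.0.20.8/443 S
2020-03-10T10:00:02.000Z esx-01 NSX 1234 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip"] INET match PASS 1031 OUT 60 TCP 192.168.10.6/51235->10.0.20.8/443 S
2020-03-10T10:00:03.000Z esx-02 NSX 1234 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip"] INET match DROP 1001 IN 60 TCP 203.0.113.9/40000->192.168.10.5/22 S
2020-03-10T10:00:04.000Z esx-02 NSX 1234 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip"] INET match DROP 1001 IN 60 TCP 203.0.113.9/40001->192.168.10.5/3389 S
2020-03-10T10:00:05.000Z esx-01 NSX 1234 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip"] INET match PASS 1031 OUT 60 TCP 192.168.10.5/51236->10.0.20.9/1433 S
"""

# Timestamp and host first, then skip the syslog header up to the match verdict.
PKTLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) .*?"
    r"INET match (?P<action>PASS|DROP|REJECT) (?P<rule>\S+) (?P<dir>IN|OUT) "
    r"(?P<len>\d+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def parse_pktlog(text):
    """Turn raw packet-log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = PKTLOG_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["sport"] = int(ev["sport"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def traffic_by_rule(events):
    """rule id -> {action -> hit count}: shows which rules carry real traffic."""
    hits = defaultdict(Counter)
    for ev in events:
        hits[ev["rule"]][ev["action"]] += 1
    return hits


def app_flows(events, action="PASS"):
    """Distinct (src, dst, dport) tuples with the given verdict, sorted.
    With the default PASS this is the application's source/destination map."""
    return sorted({(ev["src"], ev["dst"], ev["dport"])
                   for ev in events if ev["action"] == action})


def scanning_sources(events, min_ports=2):
    """Sources whose packets were DROPped to at least min_ports distinct
    destination ports, a cheap indicator of port probing against the SDDC."""
    ports = defaultdict(set)
    for ev in events:
        if ev["action"] == "DROP":
            ports[ev["src"]].add(ev["dport"])
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


if __name__ == "__main__":
    evs = parse_pktlog(SAMPLE_LOGS)
    for rule, actions in sorted(traffic_by_rule(evs).items()):
        print(f"rule {rule}: {dict(actions)}")
    for src, dst, port in app_flows(evs):
        print(f"allowed {src} -> {dst}:{port}")
    print("sources probing dropped ports:", scanning_sources(evs))
```

Only rules that have logging enabled produce packet-log entries, so the DROP side of this analysis is empty unless logging is turned on for the deny rules as described in the next section.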


How to enable logging for firewall rule(s)

By default, firewall rule logs are not forwarded to the Log Intelligence service. Logging is enabled per rule from the VMware Cloud on AWS console, so only the rules you enable it on produce packet-log entries; enable it on the rules you need to audit (in particular the deny rules whose drops you want to see).

The following sections describe how to do this for each firewall.

Management Gateway Firewall Rule

In the Networking & Security tab of the SDDC, navigate to Gateway Firewall under the Security section, select Management Gateway and click Add New. Fill in the rule details and set Logging to Enabled. You will notice a small information note which states:

"Enabled Logging for one or more rules. Logs will be saved in Log Intelligence Service"

Compute Gateway Firewall Rule

In the Networking & Security tab of the SDDC, navigate to Gateway Firewall under the Security section, select Compute Gateway and click Add New. Fill in the rule details and set Logging to Enabled. You will notice the same information note:

"Enabled Logging for one or more rules. Logs will be saved in Log Intelligence Service"

Distributed Firewall Rule

In the Networking & Security tab of the SDDC, navigate to Distributed Firewall under the Security section, select the section you want the rule in and click Add New. Fill in the rule details and set Logging to Enabled. You will notice the same information note:

"Enabled Logging for one or more rules. Logs will be saved in Log Intelligence Service"

NSX-T for VMware Cloud on AWS – Content Pack

Log Intelligence makes this simple by providing an out-of-the-box (OOTB) content pack for NSX-T for VMware Cloud on AWS. The content pack provides insights into the NSX-T firewall rules and packet traffic in VMware Cloud on AWS, along with audit details, allowing administrators to audit, monitor and troubleshoot the behavior of the configured rules in their VMware Cloud on AWS environment.

Procedure to enable/disable content pack

Navigate to the Content Pack menu to enable or disable the content pack.

Once it is enabled you get the OOTB queries and alert definitions, which can notify you via email or webhook.

Sample Log Messages from the OOTB Content Pack

NSX-T for VMware Cloud on AWS | Logical Network Created

NSX-T for VMware Cloud on AWS | Logical Network Deleted

NSX-T for VMware Cloud on AWS | Virtual Machine Created

NSX-T for VMware Cloud on AWS | Virtual Machine Removed

NSX-T for VMware Cloud on AWS | Distributed Firewall Rule Created

NSX-T for VMware Cloud on AWS | Distributed Firewall Rule Changed

NSX-T for VMware Cloud on AWS | NAT Rule Created

NSX-T for VMware Cloud on AWS | NAT Rule Deleted

Sample Alerts

The following are some alerts that were triggered by the NSX-T for VMware Cloud on AWS OOTB alert definitions.

Conclusion

VMware Log Intelligence gives you unified visibility into VMware Cloud on AWS NSX-T network packet logs, which allows admins and application owners to troubleshoot network changes and monitor applications, and gives security teams an audit trail of firewall and NAT rule changes.

Getting Started with Log Intelligence

For a free trial, you can click here or reach out to your account team.

To learn more about Log Intelligence, please visit here.