I received multiple requests about setting up syslog servers and logging in vCloud Networking and Security 5.1 App Firewall and Edge Gateway. In this blog, I am going to show how to setup syslog servers and enable logging in vCloud Networking Security 5.1 Manager, App Firewall and Edge Gateway.
Manager syslog configuration
Login to Manager web interface and select Settings & Reports -> Configuration -> General tab and click Edit button next to Syslog Server to configure the syslog server.
Manager sends System Events and Audit Logs to configured syslog server. Manager sends log messages to UDP port 514 by default. Sample System Event and Audit Log messages received by syslog server are shown below.
After the App firewall is installed, syslog servers can be configured as shown below by using vShield tab of the ESXi host. Up to three syslog servers can be configured for each App firewall. App firewall sends syslog messages to UDP port 514.
Sample log messages received by syslog server from App firewall are shown below and notice the rule id in the log messages to correlate with the rule in the App firewall configuration. Edge Gateway syslog configuration
After the Edge Gateway is installed, syslog servers can be configured as shown below. Setup the syslog servers with the matching protocol. Syslog servers by default listen on UDP port 514. Edge Gateway sends syslog messages to port 514. Edge Gateway allows to control logging on a per feature basis.Edge firewall logging is controlled on a per firewall rule basis. Check the “Log” option as shown below to enable logging.
Sample log message received by syslog server from Edge firewall is shown below. Notice the rule id in the log message to correlate with the rule in Edge firewall configuration.
Logging for Edge gateway SSL VPN-Plus can be enabled at the service level as shown below. Get notification of these blogs and more vCloud Networking and Security information by following me on Twitter @vCloudNetSec.