One of the new features that was introduced as part of NSX 6.2 was the ability to tag a particular firewall rule with a text string which would then be sent as part of the syslog message. This could then allow you to easily search / filer for that rule within vRealize Log Insight or any other logging application. This can be particular handy if you have multiple tenants and you want to be able to filer rules based on tenants:
I've created two rules, one to allow access to WEB01 and log with Tenant 1 and another to allow access to WEB02 and log with Tenant 2:
Now if I ping both servers to hit the rules, the syslog messages should be sent with the appropriate tags, and then I can check vRealize Log Insight and I should now be able to filter my logs based on those tags:
No comments:
Post a Comment