When it comes to infrastructure, or security, logging is one of the main key elements: logs are the best source of information for troubleshooting issues, analyzing changes and obtaining runtime operational data. For that reason, I was looking to forward NSX-T logs to Log Insight to see what kind of queries I could leverage. I was surprised to find out that a NSX-T Log Insight Content Pack is already available! 🙂
So, what is this NSX-T Content Pack doing for you exactly?
The NSX-T Log Insight Content Pack provides operational and alerting visibility for different sources of log data within NSX-T. The graphically rich content pack is essential for analyzing and identifying NSX-T configuration, performance, security and traffic related issues and makes it easy to act upon the information provided. The Content Pack covers NSX-T functions such as audit information, logical switch, logical router, Firewall traffic, DHCP and represents the information via custom dashboards, filters, and alerts. The seven NSX-T dashboards sort information based on user defined time intervals and the data is presented graphically via bar graphs, pie charts and raw data collection widgets.
This content pack provides the collection, consolidation and correlation NSX-T log data; it contains 7 dashboards and 52 widgets for representing the NSX-T logs graphically. The widgets provide information on logs for different networking elements such as:
- Logical switches
- Logical routers
- Distributed firewall
- DHCP service
The setup instructions to forward all required logging components (NSX Manager, Controller, Edges, etc.) to Log Insight are provided in the content pack.
- Log Insight 3.0+
- NSX-T 1.0+
More resources: NSX-T Log Insight Content Pack on VMware Solutions Exchange.