Logging for the distributed firewall rules created by NCP is disabled by default
Article ID: 316813
Updated On:
Products
VMware Cloud PKS
Issue/Introduction
Symptoms:
- There is no ability to enable the logging status of any distributed firewall (DFW) rules created by NCP.
- The object appears as protected and cannot be modified.
Environment
VMware PKS 1.x
Cause
Logging cannot be enabled because the rule is created by NCP and is protected.
Resolution
This is an expected behavior and cannot be modified.
Workaround:
In the ncp.ini file there is a log_dropped_traffic parameter, commented out by default, similar to the following:
# Indicates whether distributed firewall DENY rules are logged.
#log_dropped_traffic = False
If the log_dropped_traffic parameter is uncommented and set to True, all denied packets are logged.
Note: This is not a persistent setting as the setting is not coming from the PKS tile.
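The workaround above, as an added Python example that is not part of the original article or of NCP: it reports whether DENY-rule logging is effectively enabled in the text of an ncp.ini file and rewrites the parameter to True. The function names and the [nsx_v3] section header in the sample are assumptions, and the sample file content is constructed.

```python
import re

# Matches the parameter whether it is commented out or active.
_PARAM = re.compile(
    r"^(?P<indent>\s*)(?P<comment>#\s*)?log_dropped_traffic\s*=\s*(?P<value>\S+)\s*$"
)

# Constructed sample; the section header is an assumption, the two
# parameter lines are the ones quoted in the article.
SAMPLE = """\
[nsx_v3]
# Indicates whether distributed firewall DENY rules are logged.
#log_dropped_traffic = False
"""


def drop_logging_enabled(ini_text):
    """True only if an uncommented log_dropped_traffic line is set to True."""
    enabled = False
    for line in ini_text.splitlines():
        m = _PARAM.match(line)
        if m and not m.group("comment"):
            enabled = m.group("value").lower() == "true"  # last active line wins
    return enabled


def enable_drop_logging(ini_text):
    """Set the parameter to True, uncommenting it if needed; other lines are untouched."""
    lines = ini_text.splitlines()
    matches = [(i, _PARAM.match(line)) for i, line in enumerate(lines)]
    matches = [(i, m) for i, m in matches if m]
    active = [(i, m) for i, m in matches if not m.group("comment")]
    # Prefer lines that are already active; otherwise uncomment the first one.
    targets = active or matches[:1]
    if not targets:
        # Do not guess where the parameter belongs if the file lacks it.
        raise ValueError("log_dropped_traffic not found in ncp.ini text")
    for i, m in targets:
        lines[i] = f"{m.group('indent')}log_dropped_traffic = True"
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("before:", drop_logging_enabled(SAMPLE))
    print("after: ", drop_logging_enabled(enable_drop_logging(SAMPLE)))
```

Because the setting is not persistent, drop_logging_enabled can be rerun against the current ncp.ini content to confirm the value is still in place.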
Additional Information
See "Configmap for ncp.ini in ncp-rc.yml" for additional information on modifying the ncp.ini file.