Location of VMware NSX for vSphere 6.1.x and later Firewall Rule logs
search cancel

Location of VMware NSX for vSphere 6.1.x and later Firewall Rule logs

book

Article ID: 339085

calendar_today

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
Starting with VMware NSX for vSphere 6.1, the location of the Firewall Rule logs has changed. The location now points to /var/log/dfwpktlogs.log file on the ESXi host when logging is enabled on the Firewall Rules.

For more information, see the VMware NSX for vSphere 6.2 Administration Guide.

Note: VMware is aware of the NSX for vSphere 6.1 Administration Guide still stating the location points to /var/log/vmkernel.log file on the ESXi host which is incorrect. This is in the process of getting this corrected.

Environment

VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.2.x

Cause


Resolution

Firewall generates and stores three types of logs:

Rules Message Logs: Includes all access decisions such as permitted or denied traffic for each rule if logging was enabled for that rule. These are stored in /var/log/dfwpktlogs.log on each of the ESXi host.

Audit Logs: Includes administration logs and Distributed Firewall configuration changes. These are stored in vsm.log*

System Event Logs: Include Distributed Firewall configuration applied, filter created, deleted, or failed, and virtual machines added to security groups, etc. These are stored in vsm.log*

Note: vsm.log can be accessed running this command show manager log from NSX manager Command Line Interface (CLI) and performing grep for keyword vsm.log.

For more information, see Collecting diagnostic information for VMware NSX for vSphere 6.x (2074678).


Additional Information

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box.

Collecting diagnostic information for VMware NSX for vSphere 6.x
Troubleshooting NSX for vSphere 6.x Distributed Firewall (DFW)