Unable to view Firewall logs from NSX-T in Aria Operations for Logs

search cancel

Unable to view Firewall logs from NSX-T in Aria Operations for Logs

book

Article ID: 387532

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

The NSX Content pack is fully set up in Aria operations for Log but the firewall logs are not displaying in the NSX contact pack dashoards or logs via explore logs

Environment

Aria Operations for logs 8.X

Cause

Firewall rules restricting traffic between Aria Operations for Logs and the log sources, such as ESXi hosts and vCenter

Resolution

- On ESXi hosts that belong to the NSX cluster, run this command:

esxcli system syslog mark -s "This is a test message"

If the Aria Ops for Logs don't display anything, this could be related to ports or ESXi unable to send target logs to Aria Ops for logs

2- On those ESXi host (x.x.x: add Aria ops Ip address or Aria ops for logs Vip ) run these commands ( nc: NetCat for verifying connectivity on a specific port)

nc -z #.#.#.# 514 nc -z #.#.#.# 1514

3- Check If there are any firewalls or connectivity between ESXI and Aria Operations for Logs that won't allow full communication between these 2 products, please run these commands:

nsxcli -c get controllers

nc -z NSX-Ip 1235

Additional Information

Troubleshooting network and TCP/UDP port connectivity issues on ESXi

VMware Aria Operations for Logs ports

Feedback

thumb_up Yes

thumb_down No