Unable to view Firewall logs from NSX-T content pack in Aria Operations for Logs

search cancel

Unable to view Firewall logs from NSX-T content pack in Aria Operations for Logs

book

Article ID: 387532

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

The NSX Content pack is fully set up in Aria operations for Log but the firewall logs are not displaying in the NSX contact pack dashoards or logs via explore logs

Environment

Aria Operations for logs 8.X

Cause

Communication issue between Aria ops for logs and source endpoints like for example ESXI and vCenter. They can be :

-Firewall rules between Aria ops for Los and source of the Logs

-Required ports are closed

Resolution

- On ESXi hosts that belong to the NSX cluster, run this command:

esxcli system syslog mark -s "This is a test message"

If the Aria Ops for Logs don't display anything, this could be related to ports or ESXi unable to send target logs to Aria Ops for logs

2- On those ESXi host (x.x.x: add Aria ops Ip address or Aria ops for logs Vip ) run these commands ( nc: NetCat for verifying connectivity on a specific port)

nc -z #.#.#.# 514 nc -z #.#.#.# 1514

3- Check If there are any firewalls or connectivity between ESXI and Aria Operations for Logs that won't allow full communication between these 2 products, please run these commands:

nsxcli -c get controllers

nc -z NSX-Ip 1235

Additional Information

Troubleshooting network and TCP/UDP port connectivity issues on ESXi

VMware Aria Operations for Logs ports

Feedback

thumb_up Yes

thumb_down No