Configuring Distributed Firewall Packet Logs size and rotation setting

Article ID: 406629

Updated On:

Products

VMware NSX

Issue/Introduction

If logging is enabled for Distributed Firewall rules, the firewall packet logs will be stored at /var/log/dfwpktlogs.log on ESXi hosts.

Customers may want to modify the default Distributed Firewall Packet Log file size or rotation settings for specific purposes.

Environment

VMware NSX

Resolution

The configuration file /etc/vmsyslog.conf.d/dfwpktlogs.conf on each ESXi host defines the size and rotation count settings for NSX Distributed Firewall (DFW) Packet Logs.

⚠️ Note: Modifying the default DFW Packet Log settings is generally not recommended. Always consider the available storage space on the ESXi host before increasing the log file size or rotation count.


However, if there is a valid reason to change the configuration, you can follow these steps:

Steps to Modify DFW Packet Log Settings:

1. Edit the configuration file on the ESXi host and adjust the following parameters as needed:

# Number of rotated files
rotate = 10

# Rotate size
size = 10240

Note: The size value is in kilobytes (KB). For example, 10240 KB equals 10 MB.


2. Reload the syslog service from the ESXi shell to apply the changes:

esxcli system syslog reload
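
The following shell helpers are an added example, not part of the original article or of VMware's tooling. They read the rotate and size values from the file, compute a worst-case disk footprint, and change a value while keeping a backup. The function names and the free-space input are assumptions, and the footprint is a conservative upper bound that counts the active log plus every rotated file at full size.

```shell
#!/bin/sh
# Added example: helpers for the rotate/size settings in dfwpktlogs.conf.
# Function names are hypothetical; sizes are in KB, as stated in the article.

# Print the integer value of "key = value" from the config file.
dfw_get() {  # usage: dfw_get <key> <file>
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$2" | tail -n 1
}

# Upper bound in KB: active log plus <rotate> rotated files, each at <size>.
dfw_footprint_kb() {  # usage: dfw_footprint_kb <file>
    r=$(dfw_get rotate "$1"); s=$(dfw_get size "$1")
    [ -n "$r" ] && [ -n "$s" ] || return 1
    echo $(( s * (r + 1) ))
}

# Set <key> to a positive integer, keeping the previous file as <file>.bak.
dfw_set() {  # usage: dfw_set <key> <value> <file>
    case "$2" in
        ''|*[!0-9]*) echo "value must be a positive integer" >&2; return 1 ;;
    esac
    [ "$2" -gt 0 ] || return 1
    [ -n "$(dfw_get "$1" "$3")" ] || { echo "$1 not found in $3" >&2; return 1; }
    cp "$3" "$3.bak" || return 1
    sed "s/^\([[:space:]]*$1[[:space:]]*=[[:space:]]*\)[0-9][0-9]*/\1$2/" "$3.bak" > "$3"
}

# Succeed only if the worst-case footprint fits in <free_kb>.
dfw_fits() {  # usage: dfw_fits <file> <free_kb>
    need=$(dfw_footprint_kb "$1") || return 1
    [ "$need" -le "$2" ]
}

# On the host (assumption: the operator supplies free_kb for the volume
# that holds /var/log):
#   conf=/etc/vmsyslog.conf.d/dfwpktlogs.conf
#   dfw_set size 20480 "$conf" && dfw_fits "$conf" "$free_kb" \
#       && esxcli system syslog reload
```

With the default values shown above (rotate = 10, size = 10240), the upper bound is 112640 KB, or 110 MB, per host.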

 

Additional Information

 

  • This configuration must be applied individually on each ESXi host.

  • Ensure that any custom settings comply with your log retention policies and available disk space.