NSX firewall audit logs like rule create, update or delete not ingesting in Aria Operations for Logs
search cancel

NSX firewall audit logs like rule create, update or delete not ingesting in Aria Operations for Logs

book

Article ID: 408970

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  •  NSX firewall audit logs like rule create, update or delete not ingesting in Aria Operations for Logs.
  • The updates are recorded in NSX under /var/log/audit.log.
  • NSX nodes are sending other logs to Aria Logs.

 

Environment

Aria Operations for Logs 8.18.x 

Cause

The syslog configuration for Aria Logs is not done on all NSX nodes.

Resolution

On the NSX UI, ensure that the syslog configuration is done to match steps in Configure All NSX Nodes to Forward Logs to VMware Aria Operations for Logs.

For CLI, ensure that the syslog configuration is done for each node individually as described in Configure Remote Logging in NSX

Powered by Wolken Software