Firewall logs displayed in VMware Cloud Director UI appear duplicated or show unexpected entries when Aria Operations for Logs is integrated

Firewall logs displayed in VMware Cloud Director UI appear duplicated or show unexpected entries when Aria Operations for Logs is integrated

search cancel

Firewall logs displayed in VMware Cloud Director UI appear duplicated or show unexpected entries when Aria Operations for Logs is integrated

book

Article ID: 427634

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

When VMware Cloud Director is integrated with Aria Operations for Logs, Logging ID is not unique between rules causing logs to also not be unique
Firewall Logs that should not match get displayed in the Cloud Director console.

Environment

VMware Cloud Director 10.6
Aria Operations for Logs
NSX-T

Cause

This issue can occur when multiple, non-federated NSX-T Manager instances forward firewall logs to the same Aria Operations for Logs instance.

Resolution

This is a known and expected behavior in the current architecture.
There is no supported configuration change or workaround to enforce global uniqueness of firewall logging IDs across multiple NSX-T instances within Log Insight.
Firewall logging IDs are only guaranteed to be unique within a single NSX-T Manager
Logging IDs are not globally unique across multiple NSX-T instances

Feedback

thumb_up Yes

thumb_down No