Tracking VCD tenant from firewall log entries in Aria Operations for logs.

Article ID: 440432

Products

VMware Cloud Director

VMware vRealize Log Insight 8.x

Issue/Introduction

This article explains how to identify the VMware Cloud Director (VCD) tenant from firewall log entries seen in Aria Operations for Logs.

Environment

VMware Cloud Director 10.6.x

VMware Aria Operations for Logs 8.x

Resolution

 To identify the VCD tenant:

  1. Example entry seen from Aria Operations for Logs for a firewall rule.

    <timestamp> <Hostname of the ESXi host recording the log> NSX ##### FIREWALL [nsx@#### comp="nsx-edge" subcomp="datapathd" s2comp="firewallpkt" level="INFO"] <Trace ID> INET reason-match <Action on the rule> <VCD Logging ID> OUT <Packet Length> UDP <Source IP/Port> -><Destination IP/Port> <Rule Tag in NSX>

     

  2. Note the two identifiers from the above entry.
    <Rule Tag in NSX>: the value will be of the format 1e234ef5-e:degw -: 1fc23
    <VCD Logging ID>: the value will be of the format 12345

  3. Search one of these identifiers in NSX.

    1. With <Rule Tag in NSX> value, use the global search in NSX and look for 'Tier-1 Gateways' in the results.
    2. With the <VCD Logging ID> value, use the global search in NSX and look for 'Firewall Rules' in the results.

The output will contain references to the edge gateway or the tenant firewall rule name. With this, the tenant can be identified from the VCD UI.
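
An added example (not part of the original article): a Python sketch that extracts the <VCD Logging ID> and <Rule Tag in NSX> values from entries exported from Aria Operations for Logs and counts the distinct pairs, giving the terms to use in the NSX global search in step 3. The sample lines and every concrete field value in them are constructed, and the regular expression assumes the field order shown in step 1.

```python
import re
from collections import Counter

# Field order follows the example entry in step 1. The shape of each value
# (numeric logging ID, ip/port addresses) is an assumption of this sketch.
ENTRY_RE = re.compile(
    r'FIREWALL \[nsx@\S+ (?P<sd>[^\]]*)\]\s+(?P<trace_id>\S+)\s+INET\s+'
    r'reason-match\s+(?P<action>\S+)\s+(?P<logging_id>\d+)\s+'
    r'(?P<direction>IN|OUT)\s+(?P<length>\d+)\s+(?P<proto>\S+)\s+'
    r'(?P<src>\S+?)\s*->\s*(?P<dst>\S+)\s+(?P<rule_tag>.+?)\s*$'
)

# Constructed sample lines (not real logs); all field values are made up.
SD = '[nsx@0000 comp="nsx-edge" subcomp="datapathd" s2comp="firewallpkt" level="INFO"]'
SAMPLE = [
    f'2025-01-01T10:00:00Z esx01.example NSX 1111 FIREWALL {SD} aaaa1111 INET '
    'reason-match PASS 12345 OUT 76 UDP 192.0.2.10/5353 ->198.51.100.20/53 '
    '1e234ef5-e:degw -: 1fc23',
    f'2025-01-01T10:00:01Z esx01.example NSX 1111 FIREWALL {SD} bbbb2222 INET '
    'reason-match PASS 12345 OUT 90 UDP 192.0.2.11/4000->198.51.100.20/53 '
    '1e234ef5-e:degw -: 1fc23',
    '2025-01-01T10:00:02Z esx01.example NSX 1111 ROUTING [nsx@0000 comp="nsx-edge"] unrelated',
]


def parse_entry(line):
    """Return the fields of one edge firewall packet entry, or None if the line is not one."""
    m = ENTRY_RE.search(line)
    if not m or 's2comp="firewallpkt"' not in m['sd']:
        return None
    fields = m.groupdict()
    fields.pop('sd')
    return fields


def nsx_search_terms(lines):
    """Count distinct (VCD Logging ID, Rule Tag in NSX) pairs across the given lines."""
    counts = Counter()
    for line in lines:
        entry = parse_entry(line)
        if entry:
            counts[(entry['logging_id'], entry['rule_tag'])] += 1
    return counts


if __name__ == '__main__':
    for (logging_id, rule_tag), n in nsx_search_terms(SAMPLE).most_common():
        print(f'{n} entries  logging_id={logging_id}  rule_tag={rule_tag!r}')
```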

Additional Information

Unable to see logs from Distributed Firewall in Cloud Director UI 

Understanding DFW packet logging