Device Details
|
Vendor |
VMware |
|---|---|
|
Device Type |
Virtualization Platform |
|
Supported Model Name/Number |
VMware NSX/NSX-T |
|
Supported Software Version(s) |
All |
|
Collection Method |
Syslog |
|
Configurable Log Output? |
Yes |
|
Log Source Type |
Syslog - VMware NSX/NSX-T |
|
Log Processing Policy |
LogRhythm Default |
|
Exceptions |
N/A |
|
Additional Information |
Prerequisites
-
VMware vCenter Server 5.5 or later
-
VMware ESX 5.0 or later for each server
-
VMware Tools
Device Configuration Checklist
Install the NSX Manager:
-
Obtain the NSX Manager OVA File.
-
Install the NSX Manager Virtual Appliance.
-
Log In to the NSX Manager Virtual Appliance.
-
Register vCenter Server with NSX Manager.
-
Schedule a Backup of NSX Manager Data.
Install NSX Components:
-
Install and Assign NSX for vSphere License.
-
Install Network Virtualization Components.
-
Prepare and Enable Clusters for Logical Switches.
-
Install NSX Edge.
-
Install vShield Endpoint.
-
Install Data Security.
-
Create an IP Pool.
Currently Supported Log Types
|
Type |
Product Version |
Supported Schema Fields
|
|---|---|---|
|
Audit Log |
All |
User Name, Module Name, Operation, Resource, Status |
|
DCNPool Messages |
All |
Severity, Event Message, Host, Quantity, Event ID, Object |
|
Firewall Message |
All |
Vendor Info, Security Group, Action ID, Object Type |
|
Job Information |
All |
Command, Result, User Name, Process ID |
|
Policy Message |
All |
Vendor Info, Policy Name, Policy Action |
|
Scheduler Message |
All |
Vendor Info, Quantity, Object |
|
Security Message |
All |
Vendor Info, Identifier, Moid, Object Name, Security Group |
|
Session Information |
All |
Session Key, User Name |
|
System Event |
All |
Event Source, Event Message, Group, Module |
|
Rules Message |
All |
Severity,Action,UserName ,VMid , Size ,Protname , IP Address , Port ,Quantity |
Parsed Metadata Fields
|
Product Field Name |
LogRhythm Metadata Field |
Value/Data Type |
|---|---|---|
|
N/A |
<severity> |
Text/String |
|
N/A |
<dname> |
Text/String |
|
N/A |
<process> |
Text/String |
|
N/A |
<processid> |
Numeric |
|
N/A |
<object> |
Text/String |
|
N/A |
<vendorinfo> |
Text/String |
|
N/A |
<parentprocessname> |
Text/String |
|
N/A |
<parentprocessid> |
Numeric |
|
N/A |
<command> |
Text/String |
|
N/A |
<result> |
Text/String |
|
N/A |
<login> |
Text/String |
|
N/A |
<action> |
Text/String |
|
N/A |
<size> |
Numeric |
|
N/A |
<sip> |
IP Address |
|
N/A |
<sport> |
Numeric |
|
N/A |
<dip> |
IP Address |
|
N/A |
<dport> |
Numeric |
|
N/A |
<packetsin> |
Numeric |
|
N/A |
<packetsout> |
Numeric |
|
N/A |
<bytesin> |
Numeric |
|
N/A |
<bytesout> |
Numeric |