Configure NSX VMware Log Insight

To configure Log Insight to send logs to SIP, complete the following steps.

1. In vSphere, in the NSX Edge section, write down each device's host name.
2. Log in to Log Insight.
3. Click the menu in the upper-right of the toolbar, and select Administration.
4. Select Event Forwarding.
5. Click New Destination.

You will need one destination for each child device.

6. Complete the fields in the New Destination dialog box.
   1. Name of the destination. For example, FireMon - Data Collector.
   2. Host is either the IP or FQDN of the Data Collector.
   3. Protocol is Syslog.
   4. For multiple NSX VMware distributed firewalls, select the Forward complementary tags check box.
   5. Transport is UDP.
   6. Click Add Filter.

   VMWare filter rules are additive, using implicit AND, NOT, OR logical operators, and this behavior cannot be altered. Therefore using multiple filters within a single Destination may produce incorrect results. Instead, we recommend that you create a series of Event Forwarding Destinations, each with only a single filter rule. The Destination for the Distributed Firewall should contain a filter rule appname matches dfwpktlogs. Each Edge Device should have a Destination created with a filter rule hostname starts with <hostname>.

   • Distributed Firewall: appname matches dfwpktlogs

   If there are multiple distributed firewalls, you must enable forward complementary tags and then set the syslog match name.

   • Edge device: hostname starts with <hostname>

   7. Click Save.