VMware NSX

Follow
Avatar
Mike Farmer

Using the VMware NSX distributed firewall.  Trying to log the data via syslog to Sumo.  We have the data, but it changes log entries based on the event type so splitting the data isn't as easy as spacing it out as some rows have different space.

Anyone parsesed on VMware NSX logs before?

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Eddie Thompson

    Hi Mike,

    I have worked with the distributed firewall logs in the past and yes the interleaving of the various eventtypes makes it a little hard to work with.

    Basically there are two phases to getting the data workable within Sumo.

    1. ensure your multi-line processing is breaking out the events correctly.

    2. use the field extraction rules (FER) to rewrite the _sourceCategory / _sourceHorst of the events based on the log content.

    Can provide some further advice if you have some example data to work with (redact any confidential info)

    0
    Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post