Content Packs

NSX Distributed Firewall Content Pack

I put together a quick content pack for NSX Distributed Firewall syslog analysis with Log Insight. It has field extractions for all of the relevant fields and some pre-built queries that give a solid framework to focus in on specific rules, protocols, or hosts. I wrote it to analyze potential rule impact with Allow-Log, but it also helps troubleshoot with visibility into drops as well.

 

Content pack attached to this post. I'll put up a demo video on my blog at heathreynolds.com when I get my NSX lab re-spun.

Idea No. 105