Skip to content

VMware NSX

VMware NSX


VMware NSX is a network virtualization and security platform that enables the virtual cloud network, a software-defined approach to networking that extends across data centers, clouds and application frameworks.

Product Details

Vendor URL: VMware NSX - VMware Virtualization Solution

Product Type: Security Platform

Product Tier: Tier II

Integration Method: Syslog

Integration URL: Configure Remote Logging - VMware Docs

Log Guide: Firewall Logs - VMware Docs

Parser Details

Log Format: Syslog

Expected Normalization Rate: 90%

Data Label: VMWARE_NSX

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
action security_result.action_details
ALLOW,BLOCK,FAIL security_result.action
AUTHTYPE_UNSPECIFIED extensions.auth.type
bytes_in network.received_bytes
bytes_out network.sent_bytes
description metadata.description
direction network.direction
event_type metadata.event_type
Existing_portgroupId additional.fields
intermediary_data intermediary.hostname
intermediary_data intermediary.ip
New_portgroupId additional.fields
observer observer.hostname
observer observer.ip
observer_domain observer.administrative_domain
packet_length additional.fields
packets_in additional.fields
packets_out additional.fields
principal principal.hostname
principal principal.ip
principal_domain principal.administrative_domain
principal_port principal.port
principal_user principal.user.userid
product metadata.product_name
product_event metadata.product_event_type
product_log_id metadata.product_log_id
protocol network.ip_protocol
rule_id security_result.rule_id
rule_name security_result.rule_name
session_id network.session_id
severity security_result.severity_details
start_time additional.fields
target target.hostname
target target.ip
target_domain target.administrative_domain
target_file target.file.full_path
target_port target.port
target_user target.user.userid
tcp_flag additional.fields
vendor metadata.vendor_name
version metadata.product_version

Product Event Types

type,subtype severity UDM Event Classification alerting enabled
principal,target NETWORK_CONNECTION

Log Sample

<13>1 2022-05-02T12:03:28.395Z dfwpktlogs - - - INET match PASS company_nsx/1010 IN 78 UDP> tag.NSX_Rulename

Sample Parsing

metadata.event_timestamp = "2022-05-02T12:03:28Z"
metadata.event_type = "NETWORK_CONNECTION"
metadata.vendor_name = "VMware"
metadata.product_name = "NSX"
metadata.product_version = "dfwpktlogs"
metadata.product_event_type = "INET match"
metadata.description = "Packet matches a rule"
additional.packet_length = "78"
principal.ip = ""
principal.port = 137
principal.asset.ip = ""
target.ip = ""
target.port = 137
target.asset.ip = ""
intermediary.hostname = "company_nsx"
observer.hostname = "observer_hostname" = ""
security_result.rule_name = "NSX_Rulename"
security_result.summary = "MATCH"
security_result.action = "ALLOW"
security_result.rule_id = "1010"
security_result.action_details = "PASS"
network.ip_protocol = "UDP"
network.direction = "INBOUND"

Parser Alerting

This product currently does not have any Parser-based Alerting.


Coming Soon