A customer of mine who has NSX deployed in production recently added vRealize Log Insight to their environment. Since they have been using NSX for quite some time, they already had a large number of rules created for the distributed firewall. None of the rules were currently set to log to a remote syslog server, and because the UI has no setting to enable logging on all the rules at once, they were looking for the easiest way to do this.
Enter PowerNSX. While there is no built-in command for doing this today, it is possible to set it via the API, which you can see called within the script. Please note this is not my script; I'm just passing this along, as it was created for my customer's use case and I think it can be useful to others.
Original source: https://github.com/vmware/powernsx/blob/master/Examples/EnableFirewallRuleLogging.ps1
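
The core step, as an added sketch that is not the PowerNSX example script linked above: turn on the `logged` attribute for every rule in one firewall section's XML and report which rules changed. The function name and the sample section are constructed for illustration; the commented live calls assume the NSX-v layer 3 section endpoint and PowerNSX's `Invoke-NsxWebRequest`.

```powershell
# Added example, not the PowerNSX script. Function name is hypothetical.
function Enable-SectionRuleLogging {
    param([Parameter(Mandatory)][xml]$SectionXml)

    $changed = @()
    foreach ($rule in $SectionXml.SelectNodes('/section/rule')) {
        # GetAttribute returns '' when the attribute is missing, so rules
        # without a logged attribute are treated as not logging.
        if ($rule.GetAttribute('logged') -ne 'true') {
            $rule.SetAttribute('logged', 'true')
            $changed += $rule.GetAttribute('id')
        }
    }

    [pscustomobject]@{
        SectionId = $SectionXml.section.id
        Changed   = $changed                        # rule ids that were modified
        Body      = $SectionXml.section.OuterXml    # XML to send back in the PUT
    }
}

# Constructed sample section: one rule not logging, one already logging,
# one with no logged attribute at all.
[xml]$sample = @'
<section id="1007" name="Web Tier (constructed sample)" type="LAYER3">
  <rule id="1012" disabled="false" logged="false"><name>allow-https</name><action>allow</action></rule>
  <rule id="1013" disabled="false" logged="true"><name>allow-dns</name><action>allow</action></rule>
  <rule id="1014" disabled="false"><name>default-deny</name><action>deny</action></rule>
</section>
'@

$result = Enable-SectionRuleLogging -SectionXml $sample
"Section $($result.SectionId): enabled logging on rule(s) $($result.Changed -join ', ')"

# Against a live NSX Manager (assumptions: NSX-v section endpoint, an existing
# Connect-NsxServer session, and that the PUT must carry the ETag returned by
# the GET in an If-Match header):
#   $uri  = "/api/4.0/firewall/globalroot-0/config/layer3sections/$sectionId"
#   $resp = Invoke-NsxWebRequest -method get -URI $uri
#   $r    = Enable-SectionRuleLogging -SectionXml ([xml]$resp.Content)
#   if ($r.Changed) {
#       Invoke-NsxWebRequest -method put -URI $uri -body $r.Body `
#           -extraheader @{ 'If-Match' = $resp.Headers.ETag }
#   }
```

Keeping the list of changed rule ids per section gives you a record of what was modified, which is useful for change control before pushing the update to production.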