Fortinet white logo
Fortinet white logo

External Systems Configuration Guide

VMware NSX for vSphere

VMware NSX for vSphere

Support Added: FortiSIEM 6.5.0

Vendor Version Tested: Not Provided

Vendor: VMware

Product: VMware NSX for vSphere

Product Information: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/index.html

What is Discovered and Monitored

Protocol Information Discovered Metrics/LOGs collected Used for
Syslog security logs Security and Compliance monitoring

Configuration

Configure VMware NSX for vSphere to send logs to FortiSIEM. FortiSIEM will automatically parse the logs. No configuration is required in FortiSIEM.

Sample Events

<182>1 2021-11-12T07:00:00.084Z nsxmgr03-ars.company.local NSXV 5956 - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] The task core.services.fabric.stateUpdaterTaskName [id:task-994995] is added to the SchedulerQueue

<182>1 2021-11-12T06:59:49.339Z nsxmgr03-ars.company.local NSXV 5420 - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] [AuditLog] UserName:'admin', Originated IP:'192.0.2.33', ModuleName:'ACCESS_CONTROL', Operation:'LOGIN', Resource Name:'NSX Appliance Manager', Time:'Fri Nov 12 06:59:49.338 WET 2021', Status:'SUCCESS'

<182>1 2021-11-12T07:00:00.103Z nsxmgr03-ars.company.local NSXV 5956 - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] [SystemEvent] Time:'Fri Nov 12 07:00:00.101 WET 2021', Severity:'Critical', Event Source:'null', Code:'30051', Event Message:'Missing or deleted resources: [datastore-339487] found used in NSX Edge(s): [edge-142]. Please reconfigure these NSX Edges to use existing resources. Please refer to NSX Manager logs for the complete list of missing resources.', Module:'NSX Edge Appliance', Universal Object:'false'

VMware NSX for vSphere

VMware NSX for vSphere

Support Added: FortiSIEM 6.5.0

Vendor Version Tested: Not Provided

Vendor: VMware

Product: VMware NSX for vSphere

Product Information: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/index.html

What is Discovered and Monitored

Protocol Information Discovered Metrics/LOGs collected Used for
Syslog security logs Security and Compliance monitoring

Configuration

Configure VMware NSX for vSphere to send logs to FortiSIEM. FortiSIEM will automatically parse the logs. No configuration is required in FortiSIEM.

Sample Events

<182>1 2021-11-12T07:00:00.084Z nsxmgr03-ars.company.local NSXV 5956 - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] The task core.services.fabric.stateUpdaterTaskName [id:task-994995] is added to the SchedulerQueue

<182>1 2021-11-12T06:59:49.339Z nsxmgr03-ars.company.local NSXV 5420 - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] [AuditLog] UserName:'admin', Originated IP:'192.0.2.33', ModuleName:'ACCESS_CONTROL', Operation:'LOGIN', Resource Name:'NSX Appliance Manager', Time:'Fri Nov 12 06:59:49.338 WET 2021', Status:'SUCCESS'

<182>1 2021-11-12T07:00:00.103Z nsxmgr03-ars.company.local NSXV 5956 - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] [SystemEvent] Time:'Fri Nov 12 07:00:00.101 WET 2021', Severity:'Critical', Event Source:'null', Code:'30051', Event Message:'Missing or deleted resources: [datastore-339487] found used in NSX Edge(s): [edge-142]. Please reconfigure these NSX Edges to use existing resources. Please refer to NSX Manager logs for the complete list of missing resources.', Module:'NSX Edge Appliance', Universal Object:'false'