ewams


Nutanix Flow can send policy hit logs, otherwise known as events, to a syslog server when a policy event has been triggered. This is helpful for administrators who want to see all the flows that are being blocked, redirected, or allowed through. By sending these hit logs to a syslog server, security and networking teams can perform more advanced troubleshooting, redirect the data to a SIEM for better introspection, or just have a better handle on what is going on in their network. In this video I show how to enable policy hit logs and what those logs look like.

To enable policy hit logs, syslog must be enabled first.



*disclaimer* This document and presentation is my own and does not represent anything from any other entity. I will not be held liable for anything bad that comes of it.

Written by Eric Wamsley
Posted: January 17th, 2020 3:31pm.
Topic: Nutanix
Tags: Nutanix, Prism, Flow


 ©Eric Wamsley - ewams.net