If you are an Azure VMware Solution (AVS) user with a paid subscription or VMware Cloud core subscription for VMware Aria Operations for Logs (SaaS), VMware Aria Operations for Logs (SaaS) collects and analyzes logs generated in your AVS Software-Defined Data Center (SDDC).
For information about configuring your AVS log source, navigate to the Log Sources page and under VMware Cloud, click Azure VMware Solution (AVS).
For information about VMware Aria Operations for Logs (SaaS) subscriptions, see VMware Aria Operations for Logs (SaaS) Subscriptions and Billing.
VMware Aria Operations for Logs (SaaS) classifies AVS SDDC events matching the following rules as logs.
- Overview Events
-
Event_provider contains "AZURE_AVS"
- Firewall Source Events
-
Event_provider contains "AZURE_AVS" vmw_vmc_audit_nsxt_firewall_action exists vmw_vmc_audit_nsxt_firewall_src exists
- Firewall Destination Events
-
Event_provider contains "AZURE_AVS" vmw_vmc_audit_nsxt_firewall_action exists vmw_vmc_audit_nsxt_firewall_dst exists
- Application Ports Permitted
-
Event_provider contains "AZURE_AVS" vmw_vmc_audit_nsxt_firewall_dst_ip_port exists vmw_nsxt_firewall_client_to_server_bytes exists vmw_vmc_audit_nsxt_firewall_dst_port exists text contains 'inet term'
- Application Ports Denied
-
Event_provider contains "AZURE_AVS" vmw_vmc_audit_nsxt_firewall_dst_ip_port exists vmw_vmc_audit_nsxt_firewall_dst_port exists text contains 'drop' OR text contains 'reject' text contains 'inet match'
- Severity Events
-
Event_provider contains "AZURE_AVS" Severity Exists
