NSX Application Platform collects and stores statistics for security features. You can view these metrics by invoking the time series metrics APIs.

Before you begin

You must have the "NSX Gateway Firewall with Advanced Threat Prevention" license for time series monitoring.

You must deploy NSX Application Platform. For more details about deploying NSX Application Platform, see the Deploying and Managing NSX Application Platform guide. The Metrics feature is enabled by default when you deploy NSX Application Platform.

Security Statistics

The following security features generate statistics with API/CLI respectively:
  • TLS Inspection
  • Gateway IDPS
  • Gateway Firewall and Connections

Firewall interface statistics can be accessed by interface in the CLI, however, the values can be misleading. Because the counters are maintained at the gateway-level only and not per interface, the counter values increase even when there is no traffic intended for that interface. Traffic can be monitored with the packet capture on the interface of interest. The firewall rule logging will also show the interface on which traffic matched the rule.

Time series metrics is available only for TLS Inspection, Gateway IDPS, and Gateway Firewall. You can retrieve these metrics through the metric APIs.
Note: For URL Filtering and Malware prevention, only point-in-time security metrics are available and displayed on the NSX Manager user interface.

Metrics API

You can use Metrics APIs to fetch the time series metrics. These APIs can take multiple intent paths or UUIDS as input for a specific resource type, such as edge or firewall, and return the corresponding metrics.

Using time series metrics, you can monitor the trend in key performance indicators, detect anomalies, perform before and after analysis, and get the historical context which can help in troubleshooting.

Based on your role, you can view metrics of only those objects for which you have the authorization.

For high-level information about the time series metrics workflow, see APIs to Fetch Time-Series Metrics. For complete information about how to invoke the time series metrics APIs, see NSX Intelligence & NSX Application Platform API Guide.

Display Statistics on NSX Manager User Interface.

Two types of metrics can be viewed on the NSX Manager user interface:

  • Point-in-time - Recent data fetched from the Node.
  • Time series - Historical data to provide daily, weekly, monthly and yearly view.

All time series metrics are accessible through the metrics API. However, some of the time series metrics are also available on the NSX Manager user interface.

For dashboard information associated to each security feature, see Security Overview.

For information on how to monitor NSX Edge Nodes and Gateways, see Monitor NSX Edge Nodes and Gateways.