The Secure Access Log feature displays enterprise-level analytics based on the logs received from the tunnel service.
The 5.2 release supports the VMware Secure Access Log Management feature, which displays information for analysis and debugging purposes. Customers can also search and filter logs based on a broad spectrum of log parameters in the VMware SASE Orchestrator under Secure Access Logs.
About this task:
- The Secure Access Logs feature supports 100 entries per page (to see beyond 100 entries, go to the next page).
- By default, the maximum log storage retention is seven days.
- Make sure your tunnel server version supports logging. If necessary, upgrade to the latest version of the tunnel server, which can be accomplished by going to the Secure Access Policies screen (Configure > Secure Access Policies) and clicking Restart.
Note: When you click Restart, the tunnel server is updated to the latest version, which includes the Secure Access Log management feature. As the tunnel server restarts, users are momentarily disconnected in batches and are automatically reconnected. When this process is complete, Secure Access Logs will be visible on the Secure Access Logs page.
To view secure access logs:
- In the Secure Access service of the Enterprise Portal, go to Monitor > Secure Access Logs. See image below.
- See the table below for information about the Secure Access Logs screen.

| Field | Description |
| --- | --- |
| Connection | Displays if the connection from the user device is a Session (tunnel client connecting to Tunnel service running in the PoP) or UDP datagram/TCP stream from user applications. |
| Connection Status | Displays status of the connection: Connected, Disconnected, or Closed. |
| Connection Time | Time of the event. |
| Connection Type | Displays the type of connection. |
| Device User Name | The ID the user used to log into Tunnel Client. |
| Device Name | The device name used to connect to the Secure Access service. |
| Device App | Name of the application running on the device that is accessing the resources. |
| Device VPN IP | Displays the device VPN IP. |
| Device UID | Displays the device UID. |
| Remote Host Name | The hostname of the resource being accessed by the application on the device (domain of the destination host). |
| Remote Host IP | The destination IP address of the flow. |
| Remote Host Port | |
| PoP Name | Name of the SASE PoP. This field displays the name of the PoP that user is connected to via Secure Access Service. |
| Flow ID | Displays the ID of the flow. |
| Session ID | Displays the ID of the session. |
| VPN Server IP | The IP Address assigned to Tunnel Server instance running in the SASE PoP. |

- Select a log to display more details, as shown in the image below.
- Use the Search/Filter feature to specify a specific time period and to find relevant logs.
- In the top-left corner of the Secure Access Logs page, select Custom from the drop-down menu, as shown in the image below.
- Click the Calendar icons to set the start and end dates for your custom search.
- Click the Filters button to open the filters dialog, as shown in the image below. In this dialog, indicate your filter parameters by selecting a filter name and using "is" or "contains" to refine the search. Click the Apply button when finished to conduct the search.