VMware Aria Operations for Logs
Integrating NetFlow Optimizer (NFO) with VMware Aria Operations for Logs provides a centralized, high-performance platform for analyzing network telemetry within your VMware SDDC and multi-cloud environments. By streaming enriched network flows into Aria Operations for Logs, infrastructure teams can correlate network traffic with virtual machine events for faster root-cause analysis.
Key Integration Benefits
- Unified SDDC Visibility: View NFO’s enriched network logs alongside vCenter, ESXi, and NSX events for a comprehensive "single pane of glass" view of your virtual infrastructure health.
- Rapid Troubleshooting: Correlate application performance issues seen in Aria Operations with actual network bandwidth consumption or high latency detected by NFO.
- Identity-Aware Logs: NFO enriches raw flows with User Identity and DNS names before ingestion, allowing you to search for logs by "Username" or "VM Name" rather than just anonymous IP addresses.
- Optimized Log Storage: Use NFO’s module-level aggregation to reduce the volume of log data ingested into your Aria cluster by 80-90%, significantly lowering storage costs and improving query performance.
Integration Architecture
NFO functions as a specialized syslog provider for the Aria Operations for Logs cluster.
- Ingest: NFO collects NetFlow/IPFIX/sFlow from physical and virtual switches.
- Enrich: Data is processed through NFO Modules (e.g., Network Conversations) to add VM context and identity metadata.
- Forward: Enriched JSON logs are sent via Syslog (UDP/TCP) to the Aria Operations for Logs Integrated Load Balancer (ILB).
- Analyze: Use the Explore Logs interface to query, alert on, and visualize network trends.
Get Started
Deployment & Configuration
Follow our guide to configure the Aria Operations for Logs syslog listener and set up the NFO output.