Deployment with VMware vRealize Log Insight

VMware vRealize Log Insight ingests streaming syslog messages directly over UDP, or from Log Insight Agents. NetFlow Logic provides the Network Metrics Content Pack for Log Insight, which should be installed on the Log Insight server. The Content Pack provides dashboards, tables, and intuitive graphs for security and operational intelligence on both physical and virtual networks.

Ingest flow data directly from NFO

NFO should be installed on a different virtual machine (VM) than the one on which Log Insight is installed. EDFN can be installed on the same VM as NFO or on a different one.

In this diagram, starting from the bottom up:

  • Network device tier. Configure your routers, switches, firewalls, and virtual switches to send flow data to NFO.

  • NFO / EDFN tier. NFO receives flow data, performs preprocessing and optimization, enriches it with external data provided by EDFN, and sends it to a Splunk forwarder, rsyslog, or syslog-ng.

  • Log Insight server tier. The Network Metrics Content Pack for Log Insight is installed here.

Ingest flow data with Log Insight Agent

Your organization may have an rsyslog or syslog-ng infrastructure for high-availability ingestion of syslog data. NFO should be installed on a different virtual machine (VM) than the one on which Log Insight is installed. EDFN can be installed on the same VM as NFO or on a different one.

In this diagram, starting from the bottom up:

  • Network device tier. Configure your routers, switches, firewalls, and virtual switches to send flow data to NFO.

  • NFO / EDFN tier. NFO receives flow data, performs preprocessing and optimization, enriches it with external data provided by EDFN, and sends it to a Splunk forwarder, rsyslog, or syslog-ng.

  • Log Insight Agent / rsyslog / syslog-ng tier. This is the data input for the Log Insight server tier. In this tier you may have Linux or Windows LI Agents and an rsyslog / syslog-ng infrastructure.

  • Log Insight server tier. The Network Metrics Content Pack for Log Insight is installed here.