Get Dfw Logs
Log filters are encapsulated in a FIQL filter query parameter.
Sample filter:
filter=(timestamp=gt=2020-07-24T00:00:00,timestamp=lt=2020-08-24T00:00:00;ruleId==a4ec73d6-9937-4b32-bdc7-b4dda5366391)
Supported filters are:
- timestamp. Log timestamp. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00.000Z). Defaults to the current time.
- ruleId. Id of the firewall rule. This is optional. This field is responsible for filtering logs based on rule firewall rule id.
- ruleName. Name of the firewall rule. This is optional. This field is responsible for filtering logs based on firewall rule name.
- loggingId. Logging Id of the firewall rule. This is optional. This field is responsible for filtering logs based on firewall rule logging Id. Logging Id is unique ID assigned by the backing NSX-T network provider, and is used for logging by NSX-T. Only applies to NSX-T.
- addressFamily. IP address family. Either IPV4 or IPV6. This is optional.
- reason. Criteria for which an action is taken by the firewall rule. This is optional.
- action. Action taken by the firewall rule. This is optional.
- direction. Direction of network traffic on the distributed firewall. Can be IN or OUT. This is optional.
- protocol. The protocol used for communication between source and destination hosts. Can be TCP, UDP or PROTO. This is optional.
- sourceIpAddress. IP address of the source host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified source IP.
- sourcePort. Port of the source host. This is optional. This field is responsible for filtering logs based on the specified source port.
- destinationIpAddress. IP address of the destination host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified destination IP.
- destinationPort. Port of the destination host. This is optional. This field is responsible for filtering logs based on the specified destination port.
Request
URI
GET
https://{api_host}/cloudapi/1.0.0/vdcGroups/{vdcGroupId}/dfwPolicies/{policyId}/logs
COPY
Path Parameters
string
vdcGroupId
Required
vdcGroupId
string
policyId
Required
policyId
Query Parameters
string
filter
Optional
Filter for a query. FIQL format.
string
sortAsc
Optional
Field to use for ascending sort
string
sortDesc
Optional
Field to use for descending sort
integer
page
Required
Constraints:
minimum: 1
default: 1
Page to fetch, zero offset.
integer
pageSize
Required
Constraints:
minimum: 0
maximum: 128
default: 25
Results per page to fetch.
Responses
200
OK
Returns
DfwLogs
of type(s)
application/json;version=39.1
This response body class contains all of the following:
InlineDfwLogs0 ,
InlineDfwLogs1
{
"resultTotal": 0,
"pageCount": 0,
"page": 0,
"pageSize": 0,
"associations": [
{
"entityId": "string",
"associationId": "string"
}
],
"values": [
{
"timestamp": "2020-07-24T00:00:00.000+0000",
"addressFamily": "string",
"reason": "string",
"action": "string",
"ruleId": "string",
"ruleName": "string",
"loggingId": "string",
"direction": "string",
"packetLength": 0,
"protocol": "string",
"sourceIpAddress": "string",
"sourcePort": 0,
"destinationIpAddress": "string",
"destinationPort": 0
}
]
}Code Samples
COPY
curl -H 'Authorization: <value>' https://{api_host}/cloudapi/1.0.0/vdcGroups/{vdcGroupId}/dfwPolicies/{policyId}/logs?page=value&pageSize=v
Availability
Added in 39.0
On This Page
Dfw Policy Operations
GET
Get Dfw Policy
PUT
Update Dfw Policy
DELETE
Delete Dfw Policy
GET
Get Dfw Rules
POST
Create Dfw Rule
PUT
Update Dfw Rules
GET
Get Dfw Rule
PUT
Update Dfw Rule
DELETE
Delete Dfw Rule
GET
Get Dfw Logs