Redundancy – The leading logging platform is Syslog. Syslog is a UDP-based protocol, so the delivery of all log data is not guaranteed. To facilitate the integrity of log delivery over networks try the following:

Design physical redundancy on logging equipment (redundant network interfaces, others).

Multiple syslog targets.

If only one remote syslog target is possible, configure local logging as well as one remote target.

Host the log targets on DRS enabled hosts so that vCenter can manage availability of the syslog virtual machine and service.

Scalability – When compared with customer-generated events, vCloud infrastructure components generate considerably less log data. However, customer components such as the vCloud Networking and Security Edge (Edge) firewall generate a very high volume of logging. Logs from performance data such as IOPS, network throughput ,and CPU utilization are critical, so the design guideline is to define standalone disk partitions for log collection and archiving on a collection server. Additionally, if possible, this data should also be part of the vCloud monitoring solution using vCenter Operations Manager.

Reporting:

Logs need to be available to customers in raw format from both vCloud Director and Edge that pertain specifically to their organization and networks.

Within vCloud Director, customer-specific activity is specified as an identifier for the customer’s organization.

Edge applies descriptive and unique names to organization-specific traffic that SIEM products use to correlate log messages.