Today a colleague of mine was asked by a customer if it would be possible to allow only specific hosts to send logs to VMware vRealize Log Insight (vRLI).
And as it is running on a Linux platform, iptables is built in, so I figured why not?
iptables is an in-kernel firewall built into almost any Linux distribution.
Why would you limit who can send logs to your vRLI? This is not something that I hear many customers ask for, but I can certainly understand why you would not want any host or user without permission to spam your logs. And even though the filtering in vRLI is very good, you could potentially run out of disk space and miss logs that you actually wanted. It would also be possible for an attacker to disguise his whereabouts with generated false logs. Restricting senders would not be a foolproof way to prevent this, as I can easily think of a couple of ways to accomplish it anyway.