Looking around on the web, I have been unable to find any information on turning on firewall logs in ESXi. It seems like it is not possible to enable logging of the firewall rules in the product.
From a security standpoint this is very bad. Any activity regarding attempts to enumerate listening services is valuable intelligence. I appreciate that lockdown mode will prevent anyone from accessing the services on the ESXi host, but knowing that someone tried, even if they failed, is valuable intelligence for SOC staff.
Does anyone know if it is possible to enable logging of the firewall?
Kind regards,
Andy
CISSP, GCIA, GCIH, GPEN, GWAPT