darrylcauldwell.com On a journey around the datacenter and public cloud.

Configuring NSX-V Syslog For vRealize Log Insight

I find myself with the need to configure Log Insight to manage an NSX-V installation. Given how simple it is to configure the vSphere components with Log Insight, it was a surprise to find the rather less simple steps needed for NSX-V.

There are three items of NSX-V which we want to capture syslogs from:

  • NSX Manager
  • NSX Controllers
  • NSX Edges

Rather strangely, as they are part of the same product suite, each has a very different method for configuring syslog.

NSX Manager

To configure the NSX Manager syslog server, connect to the administration web console and select ‘Manage Appliance Settings’.

Ensure General is selected in the left pane, then Edit ‘Syslog Server’ and enter the IP address or FQDN of the Log Insight server, with port ‘514’ and protocol UDP.

NSX Controllers

To configure the NSX Controllers’ syslog server you need to use a REST client. The following steps are done using the Mozilla Firefox add-in ‘RESTclient’, but will be similar for all clients.

Within RESTclient click Authentication and select Basic Authentication; you will be prompted for a username and password. The client uses these to connect to the controller, so enter credentials which have access to the NSX Controllers.

The NSX Controller API we will be using takes data in XML format. To ensure data is processed correctly we add a header stating our content type to our requests. Within RESTclient click the ‘Header’ menu and click ‘Custom Header’; give the header the name ‘Content-Type’ and the value ‘application/xml’.

We now need to GET the IDs of the NSX Controllers. To do this we query ‘NSX Manager’ for a list of the ‘NSX Controllers’ it controls.

GET https://{nsxmgr-ip}/api/2.0/vdn/controller

This returns data in XML format. For ease of reading, change to the ‘Response Body (Preview)’ view; within the XML data you will see the IDs of your NSX Controllers. Take a note of all of these.

We now need to POST syslog configuration to each ‘NSX Controller’ via the ‘NSX Manager’ REST API.

POST https://{nsxmgr-ip}/api/2.0/vdn/controller/{controller-id}/syslog

With ‘Request Body’

<controllerSyslogServer>
<syslogServer>{loginsight-ip}</syslogServer>
<port>514</port>
<protocol>UDP</protocol>
<level>INFO</level>
</controllerSyslogServer>

As REST is built on HTTP, if all goes well you should get a Success 200.

Repeat the POST of the same ‘Request Body’ to ‘NSX Manager’, changing the {controller-id} value each time, until you have posted to all your ‘NSX Controllers’.

Once set, you can query the syslog configuration of each ‘NSX Controller’ by performing a GET rather than a POST.

GET https://{nsxmgr-ip}/api/2.0/vdn/controller/{controller-id}/syslog
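The controller steps above as one script, which also reads each controller's setting back and reports any that do not match what was posted. This is an added example, not part of the original post; the `<controller>`/`<id>` layout of the list response, the function names and the sample addresses are assumptions.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample of the controller-list response; the <controller>/<id>
# layout is an assumption, so check it against your own GET output.
SAMPLE_LIST = """<controllers>
  <controller><id>controller-1</id></controller>
  <controller><id>controller-2</id></controller>
</controllers>"""

def controller_ids(list_xml):
    """Return the <id> text of every <controller> element in the list."""
    ids = (c.findtext("id") for c in ET.fromstring(list_xml).iter("controller"))
    return [i.strip() for i in ids if i]

def syslog_body(server, port=514, protocol="UDP", level="INFO"):
    """Build the request body shown in the post; ElementTree escapes values."""
    root = ET.Element("controllerSyslogServer")
    for tag, value in (("syslogServer", server), ("port", port),
                       ("protocol", protocol), ("level", level)):
        ET.SubElement(root, tag).text = str(value)
    return ET.tostring(root, encoding="unicode")

def settings(xml_text):
    """Flatten a syslog configuration document to a dict for comparison."""
    return {el.tag: (el.text or "").strip() for el in ET.fromstring(xml_text)}

def call(method, url, user, password, body=None):
    """One HTTPS request with Basic auth; certificate checks stay enabled."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url, data=body.encode() if body else None, method=method,
        headers={"Authorization": "Basic " + token, "Content-Type": "application/xml"})
    with urllib.request.urlopen(req, timeout=30) as resp:  # raises on non-2xx
        return resp.read().decode()

def configure_all(mgr, user, password, loginsight, send=call):
    """POST the body to every controller, GET it back, return mismatched IDs."""
    base = f"https://{mgr}/api/2.0/vdn/controller"
    wanted = syslog_body(loginsight)
    mismatched = []
    for cid in controller_ids(send("GET", base, user, password)):
        send("POST", f"{base}/{cid}/syslog", user, password, wanted)
        got = settings(send("GET", f"{base}/{cid}/syslog", user, password))
        if any(got.get(k) != v for k, v in settings(wanted).items()):
            mismatched.append(cid)
    return mismatched
```

An empty list from `configure_all` means every controller reported the posted Log Insight target on read-back.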

NSX Edge Configuration

The NSX Edges are nice and easy to configure, albeit via a different console.

Configure NSX Edge Gateway syslog using vCenter Networking & Security: navigate through to the Edge you want to report in, change to the ‘Manage’ tab and ‘Configuration’ menu, then Edit syslog and add the IP address of your Log Insight.

So that is it: three different parts of NSX and three different methods for configuring syslog, but now all your NSX components should send their syslogs to Log Insight for your viewing pleasure.
