It is advised to have a centralized location where you can store the logs generated on the infrastructure. Configuring the Syslog server on the environment will help you to achieve this, also this helps you to understand what is going on in your network environment is crucial to the health of your system. Using a Syslog server enables you to send event messages and multiple logs from your network devices/servers to a centralized unit. You can use the Syslog server for the application, network devices, virtualized environments, etc.
In this article, we share how you can configure the Syslog server for VMware NSX Data Center for vSphere components – NSX Manager, NSX Edge, and NSX Controller Cluster.
Configure a Syslog Server for NSX Manager
You have to specify a Syslog server in the NSX Manager management page for sending all audit logs and system events to the Syslog server. You can configure a maximum of five Syslog servers to NSX Manager, and the Syslog data is useful for troubleshooting purposes.
- Log in to the NSX Manager virtual appliance from a Web browser using https://<nsx-manager-ip> or https://<nsx-manager-FQDN>
- Log in as admin or with an account that has the Enterprise Administrator role.
Click Manage Appliance Settings
From general options, You can see there is no Syslog server configured, Click Edit next to Syslog Server.
Click on Add
Specify the IP address or hostname, port, and protocol of the Syslog server and click OK
Now the NSX Manager remote logging is enabled, and logs are stored in your Syslog server. If you have configured multiple Syslog servers, logs are stored in all the configured Syslog servers. Also, you can modify and add a new Syslog server by following the same procedure.
Configure Syslog Servers for NSX Edge
By configuring the Syslog server for NSX Edge, events and logs related to firewall events that flow from NSX Edge appliances are sent to the Syslog servers. You can configure one or two remote Syslog servers.
Log in to vCenter Server using the Web client
Navigate to Networking & Security – NSX Edges
Select the NSX Edge and click on the Edge which you need to configure a Syslog server
Click on Configure and from Appliance settings click Gear Icon and then click Change Syslog Configuration
Type an IP address for the emote Syslog server, select a protocol, and click OK.
Configure Syslog for the NSX Controller Cluster
Prior to NSX Data Center for vSphere 6.4.2 version, you have to use API for configuring Syslog settings, now it’s very easy and from the vSphere Web Client you can configure the Syslog server. in addition to this, you can follow the same procedure for configuring DNS and NTP for NSX controllers
Navigate to Networking & Security > Installation and Upgrade > Management > NSX Controller Nodes.
Select the NSX Manager that manages the NSX Controller nodes you want to modify.
Click the Common Controller Attributes EDIT link.
Click on ADD from the Syslog Servers panel
Enter the Syslog server name or FQDN, Select the protocol, port number if it is custom port and log level, Click Save
Note:- Selecting TCP or TLS might result in extra consumption of memory for buffering that could negatively impact the performance of the controller. In extreme cases, this can stop controller processing until the buffered network log calls are drained.