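In addition to the default legacy format, NSX Advanced Load Balancer supports two other syslog formats. This topic applies only to the formatting of alerts sent from the Controller as syslog messages. It does not affect the formatting of application logs or client logs streamed directly from the SEs.
Set the syslog format parameter using the format option under the alertsyslogconfig command. The following formats are supported: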
SYSLOG_LEGACY
SYSLOG_RFC5424
SYSLOG_JSON
SYSLOG_RFC5425_ENHANCED
Use the format syslog_format command to configure the desired format. The following is an example of configuring the syslog format SYSLOG_JSON.
[admin:10-X-X-X]: > configure alertsyslogconfig Syslog-Test1
[admin:10-X-X-X]: alertsyslogconfig> syslog_servers
New object being created
[admin:10-X-X-X]: alertsyslogconfig:syslog_servers> syslog_server 10.1.1.1
[admin:10-X-X-X]: alertsyslogconfig:syslog_servers> syslog_server_port 516
[admin:10-X-X-X]: alertsyslogconfig:syslog_servers> format SYSLOG_JSON
[admin:10-X-X-X]: alertsyslogconfig:syslog_servers> save
[admin:10-X-X-X]: alertsyslogconfig> save
+----------------------+--------------------------------------------------------+
| Field                | Value                                                  |
+----------------------+--------------------------------------------------------+
| uuid                 | alertsyslogconfig-d6d24aa4-085d-4204-8cd4-3ff24d7242a4 |
| name                 | Syslog-Test1                                           |
| syslog_servers[1]    |                                                        |
|   syslog_server      | 10.1.1.1                                               |
|   syslog_server_port | 516                                                    |
|   udp                | False                                                  |
|   format             | SYSLOG_JSON                                            |
| tenant_ref           | admin                                                  |
+----------------------+--------------------------------------------------------+
Use the show alertsyslogconfig command to confirm the format currently set for the Syslog-Test1 object.
[admin:10-10-24-65]: > show alertsyslogconfig Syslog-Test1
+-----------------------------------------------------------------------------+
| Field              | Value                                                  |
+--------------------+--------------------------------------------------------+
| uuid               | alertsyslogconfig-d4b2a910-7750-4d20-b5c7-0009816c7300 |
| name               | Syslog-Test1                                           |
| syslog_servers[1]  |                                                        |
| syslog_server      | 10.1.1.1                                               |
| syslog_server_port | 516                                                    |
| udp                | False                                                  |
| format             | SYSLOG_JSON                                            |
| tenant_ref         | admin                                                  |
+-----------------------------------------------------------------------------+
The following are sample log messages for all three formats:
SYSLOG_LEGACY
Sep 12 17:29:36 10.X.X.X [2018-09-12 17:29:36,398: Avi-Controller: INFO: ] [default: reason: Syslog for Config Events occured] At 2018-09-12 17:29:33+00:00 event CONFIG_UPDATE occurred on object default in tenant admin as Config update status is success (performed by user admin).
SYSLOG_RFC5424
Sep 12 17:25:21 2018-09-12 17: 25:21,283 user-ctlr-nsx Avi-Controller - - - INFO [Syslog-Config: reason: Syslog for Config Events occured] At 2018-09-12 17:25:14+00:00 event CONFIG_UPDATE occurred on object Syslog-Config in tenant admin as Config Syslog-Config update status is success (performed by user admin).
SYSLOG_JSON
Sep 12 17:28:21 2018-09-12 17: 28:21,436 user-ctlr-nsx Avi-Controller - - - INFO [default: reason: Syslog for Config Events occured] {"level": "ALERT_LOW", "timestamp": "2018-09-12 17:28:15", "obj_name": "default", "tenant_uuid": "admin", "summary": "Syslog for Config Events occured", "obj_key": "default", "reason": "threshold_exceeded", "obj_uuid": "default", "related_objects": ["default"], "threshold": 0, "events": [{"obj_type": "SYSTEMCONFIGURATION", "tenant_name": "", "event_id": "CONFIG_UPDATE", "related_uuids": ["default"], "event_details": {"config_update_details": {"status": "Success", "resource_name": "", "old_resource_data": "{\"email_configuration\": {\"disable_tls\": false, \"mail_server_port\": 25, \"mail_server_name\": \"localhost\", \"smtp_type\": \"SMTP_LOCAL_HOST\", \"from_email\": \"[email protected]\"}, \"global_tenant_config\": {\"se_in_provider_context\": true, \"tenant_access_to_provider_se\": true, \"tenant_vrf\": false}, \"uuid\": \"default\", \"dns_configuration\": {\"search_domain\": \"\"}, \"url\": \"https://10.X.X.X/api/systemconfiguration\", \"ssh_hmacs\": [\"[email protected]\", \"[email protected]\", \"[email protected]\", \"hmac-sha2-512\"], \"docker_mode\": false, \"snmp_configuration\": {\"version\": \"SNMP_VER2\", \"large_trap_payload\": false, \"sys_contact\": \"[email protected]\", \"community\": \"<sensitive>\"}, \"portal_configuration\": {\"use_uuid_from_input\": false, \"redirect_to_https\": true, \"sslprofile_ref\": \"https://10.X.X.X/api/sslprofile/sslprofile-aaaaaaa-bbbb-11cc-22dd-123456789123#System-Standard-Portal\", \"disable_remote_cli_shell\": false, \"enable_clickjacking_protection\": true, \"sslkeyandcertificate_refs\": [\"https://10.Y.Y.Y/api/sslkeyandcertificate/sslkeyandcertificate-sslprofile-aaaaaaa-bbbb-11cc-22dd-123456789123#System-Default-Portal-Cert\", \"https://10.X.X.X/api/sslkeyandcertificate/sslkeyandcertificate-sslprofile-aaaaaaa-bbbb-11cc-22dd-123456789123#System-Default-Portal-Cert-EC256\"], 
\"enable_https\": true, \"allow_basic_authentication\": true, \"password_strength_check\": false, \"enable_http\": true}, \"ntp_configuration\": {\"ntp_servers\": [{\"server\": {\"type\": \"DNS\", \"addr\": \"0.us.pool.ntp.org\"}}, {\"server\": {\"type\": \"DNS\", \"addr\": \"1.us.pool.ntp.org\"}}, {\"server\": {\"type\": \"DNS\", \"addr\": \"2.us.pool.ntp.org\"}}, {\"server\": {\"type\": \"DNS\", \"addr\": \"3.us.pool.ntp.org\"}}]}, \"ssh_ciphers\": [\"aes128-ctr\", \"aes256-ctr\", \"arcfour256\", \"arcfour128\"], \"default_license_tier\": \"ENTERPRISE_18\", \"_last_modified\": \"1536773140367910\"}", "user": "admin", "new_resource_data": "{\"url\": \"https://10.X.X.X/api/systemconfiguration\", \"uuid\": \"default\", \"_last_modified\": \"1536773295406537\", \"email_configuration\": {\"disable_tls\": false, \"mail_server_port\": 25, \"mail_server_name\": \"localhost\", \"smtp_type\": \"SMTP_LOCAL_HOST\", \"from_email\": \"[email protected]\"}, \"global_tenant_config\": {\"se_in_provider_context\": true, \"tenant_access_to_provider_se\": true, \"tenant_vrf\": false}, \"dns_configuration\": {\"search_domain\": \"\"}, \"ssh_hmacs\": [\"[email protected]\", \"[email protected]\", \"[email protected]\", \"hmac-sha2-512\"], \"docker_mode\": false, \"portal_configuration\": {\"use_uuid_from_input\": false, \"redirect_to_https\": true, \"sslprofile_ref\": \"https://10.X.X.X/api/sslprofile/sslprofile-aaaaaaa-bbbb-11cc-22dd-123456789123#System-Standard-Portal\", \"disable_remote_cli_shell\": false, \"enable_clickjacking_protection\": true, \"sslkeyandcertificate_refs\": [\"https://10.X.X.X/api/sslkeyandcertificate/sslkeyandcertificate-aaaaaaa-bbbb-11cc-22dd-123456789123#System-Default-Portal-Cert\", \"https://10.X.X.X/api/sslkeyandcertificate/sslkeyandcertificate-aaaaaaa-bbbb-11cc-22dd-123456789123#System-Default-Portal-Cert-EC256\"], \"enable_https\": true, \"allow_basic_authentication\": true, \"password_strength_check\": false, \"enable_http\": true}, 
\"ntp_configuration\": {\"ntp_servers\": [{\"server\": {\"type\": \"DNS\", \"addr\": \"0.us.pool.ntp.org\"}}, {\"server\": {\"type\": \"DNS\", \"addr\": \"1.us.pool.ntp.org\"}}, {\"server\": {\"type\": \"DNS\", \"addr\": \"2.us.pool.ntp.org\"}}, {\"server\": {\"type\": \"DNS\", \"addr\": \"3.us.pool.ntp.org\"}}]}, \"ssh_ciphers\": [\"aes128-ctr\", \"aes256-ctr\", \"arcfour256\", \"arcfour128\"], \"default_license_tier\": \"ENTERPRISE_18\"}", "path": "/api/systemconfiguration/", "resource_type": "SystemConfiguration"}}, "event_description": "Config update status is success (performed by user admin)", "module": "CONFIG", "report_timestamp": "2018-09-12 17:28:15", "internal": "EVENT_EXTERNAL", "event_pages": ["EVENT_PAGE_ALL", "EVENT_PAGE_VS", "EVENT_PAGE_POOL", "EVENT_PAGE_SE", "EVENT_PAGE_AUDIT"], "context": "EVENT_CONTEXT_CONFIG", "obj_name": "default", "obj_uuid": "default", "tenant": "admin"}], "name": "Syslog-Config-Events-default-6600391043391638330-1536773295-19597741"} `
SYSLOG_RFC5425_ENHANCED
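In SYSLOG_RFC5425_ENHANCED mode, syslog messages sent from the Controller follow the format described in RFC5425. Syslog messages in this mode have the following format:
HEADER STRUCTURED-DATA MSG,
where the header is as described below:
PRI: Represents the facility and severity of the message, PRI = Facility * 8 + Severity.
VERSION: The version number of the syslog protocol standard. Currently, this value is 1.
ISOTIMESTAMP: The time the message was generated, in ISO 8601 format (yyyy-mm-ddThh:mm:ss+-ZONE).
HOSTNAME: The machine that originally sent the message.
Consider the example provided below: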
Dec 22 09:15:09 10.128.49.7 1 2020-12-22T09:15:09.936Z 10-128-49-7 Avi-Controller - - - INFO [Syslog-Config: reason: Syslog for Config Events occured] At 2020-12-22 09:13:33+00:00 event CONFIG_UPDATE occurred on object Syslog-Config in tenant admin as Config Syslog-Config update status is success (performed by user admin).
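The header layout described above can be checked on the receiving side with a small parser. This is an added example, not code from the product or its documentation: the function name, the APP-NAME/PROCID/MSGID field names (taken from RFC 5424), the treatment of the text before VERSION as a prefix to skip, and the `<134>` PRI value in the second sample are assumptions.

```python
import re
from datetime import datetime

HEADER = re.compile(
    r"(?:<(?P<pri>\d{1,3})>)?"                 # PRI; optional, the sample on this page shows none
    r"(?P<version>[1-9]\d?) "                  # VERSION
    r"(?P<timestamp>\d{4}-\d{2}-\d{2}T\S+) "   # ISOTIMESTAMP
    r"(?P<hostname>\S+) "                      # HOSTNAME
    r"(?P<app_name>\S+) (?P<procid>\S+) (?P<msgid>\S+) "  # remaining RFC 5424 header fields
    r"(?P<sd>-|(?:\[.*?\])+)"                  # STRUCTURED-DATA (simplified: no escaped ']')
    r"(?: (?P<msg>.*))?",                      # MSG
    re.S)

def parse_enhanced(line):
    """Parse one message; search() skips any text that precedes VERSION."""
    match = HEADER.search(line)
    if match is None:
        raise ValueError("no RFC 5424 style header found")
    rec = match.groupdict()
    rec["version"] = int(rec["version"])
    rec["facility"] = rec["severity"] = None
    if rec["pri"] is not None:
        pri = int(rec["pri"])
        if pri > 191:                          # facility 0-23, severity 0-7
            raise ValueError(f"PRI out of range: {pri}")
        rec["facility"], rec["severity"] = divmod(pri, 8)  # PRI = facility * 8 + severity
    # fromisoformat() rejects a trailing "Z" on older Python versions, so normalise it.
    rec["timestamp"] = datetime.fromisoformat(rec["timestamp"].replace("Z", "+00:00"))
    return rec

# Sample line from this page, with the MSG part shortened.
PAGE_SAMPLE = ("Dec 22 09:15:09 10.128.49.7 1 2020-12-22T09:15:09.936Z 10-128-49-7 "
               "Avi-Controller - - - INFO [Syslog-Config: reason: Syslog for Config Events occured]")
# Constructed sample: the same header with a PRI field in front (134 is an assumed value).
WIRE_SAMPLE = "<134>1 2020-12-22T09:15:09.936Z 10-128-49-7 Avi-Controller - - - INFO constructed"
```
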
Note:
Starting with NSX Advanced Load Balancer 22.1.3, tenant_name is added to the syslog format when logs are streamed to an external server.
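In the SYSLOG_JSON sample shown earlier, old_resource_data and new_resource_data are JSON documents carried as strings inside the alert, so a receiver has to decode twice before it can see which settings a CONFIG_UPDATE changed. The following added example (not code from the product or its documentation) does that and lists the changed settings; the function names, the ignored bookkeeping keys and the cut-down sample are assumptions.

```python
import json
IGNORED = {"_last_modified", "url"}  # assumption: bookkeeping fields, not settings

def extract_alert(line):
    """Return the JSON alert; assumes the first '{' on the line starts the payload."""
    pos = line.find("{")
    if pos == -1:
        raise ValueError("no JSON alert payload found")
    alert, _ = json.JSONDecoder().raw_decode(line, pos)
    return alert

def flatten(value, prefix=""):
    """Map nested dicts to {'a.b.c': leaf}; lists are compared as whole values."""
    if not isinstance(value, dict):
        return {prefix: value}
    flat = {}
    for key, child in value.items():
        if key not in IGNORED:
            flat.update(flatten(child, f"{prefix}.{key}" if prefix else key))
    return flat

def config_changes(alert):
    """List (user, api_path, setting, old, new); a missing side is reported as None."""
    changes = []
    for event in alert.get("events", []):
        details = event.get("event_details", {}).get("config_update_details")
        if not details:
            continue
        # old_resource_data / new_resource_data are JSON documents stored as strings.
        old = flatten(json.loads(details.get("old_resource_data") or "{}"))
        new = flatten(json.loads(details.get("new_resource_data") or "{}"))
        for setting in sorted(old.keys() | new.keys()):
            if old.get(setting) != new.get(setting):
                changes.append((details.get("user"), details.get("path"), setting,
                                old.get(setting), new.get(setting)))
    return changes

# Constructed sample, cut down from the message on this page; the
# allow_basic_authentication change is made up for the example.
OLD = {"uuid": "default", "_last_modified": "1536773140367910",
       "snmp_configuration": {"version": "SNMP_VER2", "community": "<sensitive>"},
       "portal_configuration": {"allow_basic_authentication": False, "enable_https": True}}
NEW = {"uuid": "default", "_last_modified": "1536773295406537",
       "portal_configuration": {"allow_basic_authentication": True, "enable_https": True}}
UPDATE = {"status": "Success", "user": "admin", "path": "/api/systemconfiguration/",
          "old_resource_data": json.dumps(OLD), "new_resource_data": json.dumps(NEW)}
ALERT = {"level": "ALERT_LOW", "events": [
    {"event_id": "CONFIG_UPDATE", "event_details": {"config_update_details": UPDATE}}]}
SAMPLE = ("Sep 12 17:28:21 user-ctlr-nsx Avi-Controller - - - INFO "
          "[default: reason: Syslog for Config Events occured] " + json.dumps(ALERT))
```

Calling config_changes(extract_alert(SAMPLE)) reports the removed snmp_configuration block and the portal setting that was switched on, each with the user and API path that made the change.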