您可以配置 NSX 设备、NSX Edge 和 Hypervisor,以将日志消息发送到远程日志服务器。

NSX ManagerNSX Edge 和 Hypervisor 支持远程日志记录。必须分别在每个节点上配置远程日志记录。

对于协议参数,选项包括 UDP、TCP、LI 以及安全协议 TLS 和 LI-TLS。Log Insight 日志服务器支持所有协议。仅当日志服务器为 Log Insight 时,才能使用协议 LI 和 LI-TLS。使用 LI 或 LI-TLS 的好处是它们可优化网络使用情况。如果日志服务器为 Log Insight,建议使用 LI 或 LI-TLS。如果无法使用 LI,则 TCP 的优势是更加可靠,而 UDP 的优势是需要较少的系统和网络开销。

前提条件

  • 请自行熟悉 CLI 命令 set logging-server。有关详细信息,请参见NSX 命令行界面参考
  • 如果指定安全协议 TLS 或 LI-TLS,则服务器和客户端证书必须存储在每个 NSX 设备上的 /image/vmware/nsx/file-store 中。请注意,仅当使用 NSX CLI 配置导出程序时,才需要文件存储中的证书。如果使用 API,则无需使用文件存储。完成 syslog 导出程序配置后,必须删除此位置中的所有证书和密钥,以避免潜在的安全漏洞。
  • 要配置与日志服务器的安全连接,请确认服务器配置了 CA 签名的证书。例如,如果您使用 Log Insight 服务器 vrli.prome.local 作为日志服务器,则可以从客户端运行以下命令以查看服务器上的证书链:
    echo -n | openssl s_client -connect vrli.prome.local:443  | sed -ne '/^Certificate chain/,/^---/p'

    例如:

    root@caserver:~# echo -n | openssl s_client -connect vrli.prome.local:443  | sed -ne '/^Certificate chain/,/^---/p'
    depth=2 C = US, L = California, O = GS, CN = Orange Root Certification Authority
    verify error:num=19:self signed certificate in certificate chain
    Certificate chain
     0 s:/C=US/ST=California/L=HTG/O=GSS/CN=vrli.prome.local
       i:/C=US/L=California/O=GS/CN=Green Intermediate Certification Authority
     1 s:/C=US/L=California/O=GS/CN=Green Intermediate Certification Authority
       i:/C=US/L=California/O=GS/CN=Orange Root Certification Authority
     2 s:/C=US/L=California/O=GS/CN=Orange Root Certification Authority
       i:/C=US/L=California/O=GS/CN=Orange Root Certification Authority
    ---
    DONE

过程

  1. 要在 NSX 设备或 NSX Edge 上配置远程日志记录,请执行以下操作:
    1. 运行以下命令以配置日志服务器和要发送到日志服务器的消息类型。可以将多个设备或消息 ID 指定为逗号分隔列表(不含空格)。
      set logging-server <hostname-or-ip-address[:port]> proto <proto> level <level> [facility <facility>] [messageid <messageid>] [serverca <filename>] [clientca <filename>] [certificate <filename>] [key <filename>] [structured-data <structured-data>]
      您可以多次运行该命令来添加多个配置。例如:
      set logging-server 192.168.110.60 proto udp level info facility local6 messageid SYSTEM,FABRIC
      set logging-server 192.168.110.60 proto udp level info facility auth,user
      要仅将审核日志转发到远程服务器,请在 structured-data 参数中指定 audit="true"。例如:
      set logging-server <server-ip> proto udp level info structured-data audit="true"
      所有 NSX 日志均使用程序模块 local6。仅当未设置程序模块筛选器或指定程序模块中包含 local6 时,才应使用 messageidstructured-data 筛选器。
    2. 配置安全远程登录:
      • 要使用协议 LI-TLS 配置安全远程日志记录,请指定 proto li-tls 参数。例如:
        set logging-server vrli.prome.local proto li-tls level info messageid SWITCHING,ROUTING,FABRIC,SYSTEM,POLICY,HEALTHCHECK,SHA,MONITORING serverca intermed-ca-full-chain.crt

        如果配置成功,您将收到一条不含任何文本的提示。要查看服务器证书链(中间证书后跟根证书)的内容,请以 root 的身份登录,然后运行以下命令:

        keytool -printcert -file /image/vmware/nsx/file-store/intermed-ca-full-chain.crt
        例如,
        root@nsx1:~# keytool -printcert -file /image/vmware/nsx/file-store/intermed-ca-full-chain.crt
        Certificate[1]:
        Owner: CN=Green Intermediate Certification Authority, O=GS, L=California, C=US
        Issuer: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Serial number: 3e726e7fbb3b0a7a6b4edd767f867fd2
        Valid from: Sun Mar 15 00:00:00 UTC 2020 until: Mon Mar 17 00:00:00 UTC 2025
        Certificate fingerprints:
          MD5:  94:C8:9F:92:56:60:EB:DB:ED:4B:11:17:33:27:C0:C9
          SHA1: 42:9C:3C:51:E8:8E:AC:2E:5E:62:95:82:D7:22:E0:FB:08:B8:64:29
          SHA256: 58:B8:63:3D:0C:34:35:39:FC:3D:1E:BA:AA:E3:CE:A9:C0:F3:58:53:1F:AD:89:A5:01:0D:D3:89:9E:7B:C5:69
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        Certificate[2]:
        Owner: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Issuer: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Serial number: 3e726e7fbb3b0a7a6b4edd767f867fd1
        Valid from: Mon Mar 16 07:16:07 UTC 2020 until: Fri Mar 10 07:16:07 UTC 2045
        Certificate fingerprints:
          MD5:  ED:AC:F1:7F:88:05:83:2A:83:C0:09:03:D5:00:CA:7B
          SHA1: DC:B5:3F:37:DF:BD:E0:5C:A4:B7:F4:4C:96:12:75:7A:16:C7:61:37
          SHA256: F2:5B:DE:8A:F2:31:9D:E6:EF:35:F1:30:6F:DA:05:FF:92:B4:15:96:AA:82:67:E3:3C:C1:69:A3:E5:27:B9:A5
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        成功和失败情况的日志都记录在 /var/log/loginsight-agent/liagent_2020-MM-DD-<file-num>.log 中。如果配置成功,则可以使用以下命令来查看 Log Insight 配置:
        cat /var/lib/loginsight-agent/liagent-effective.ini
        例如,
        root@nsx1:/image/vmware/nsx/file-store# cat /var/lib/loginsight-agent/liagent-effective.ini
        ; Dynamic file representing the effective configuration of VMware Log Insight Agent (merged server-side and client-side configuration)
        ;     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
        ; Creation time: 2020-03-22T19:41:21.648800
         
        [server]
        hostname=vrli.prome.local
        proto=cfapi
        ssl=yes
        ssl_ca_path=/config/vmware/nsx-node-api/syslog/bb466082-996f-4d77-b6e3-1fa93f4a20d4_ca.pem
        ssl_accept_any_trusted=yes
        port=9543
        filter={filelog; nsx-syslog; pri_severity <= 6 and ( msgid == "SWITCHING" or msgid == "ROUTING" or msgid == "FABRIC" or msgid == "SYSTEM" or msgid == "POLICY" or msgid == "HEALTHCHECK" or msgid == "SHA" or msgid == "MONITORING" )}
         
        [filelog|nsx-syslog]
        directory=/var/log
        include=syslog;syslog.*
        parser=nsx-syslog_parser
         
        [parser|nsx-syslog_parser]
        base_parser=syslog
        extract_sd=yes
         
        [update]
        auto_update=no
      • 要使用协议 TLS 来配置安全远程日志记录,请指定 proto tls 参数。例如:
        set logging-server vrli.prome.local proto tls level info serverca Orange-CA.crt.pem clientca Orange-CA.crt.pem certificate gc-nsxt-mgr-full.crt.pem key gc-nsxt-mgr.key.pem
        请注意以下事项:
        • 对于 serverCA 参数,只需提供根证书,而不是整个链。
        • 如果 clientCA 不同于 serverCA,则只需提供根证书。
        • 该证书应该包含 NSX Manager 的完整链(应兼容 NDcPP - EKU、BASIC 和 CDP(CDP - 可以忽略这项检查))。
        您可以使用 keytool 命令检查每个证书的内容。例如,
        keytool -printcert -file /image/vmware/nsx/file-store/Orange-CA.crt.pem
        keytool -printcert -file gc-nsxt-mgr-full.crt.pem
        示例输出:
        root@gc3:~# keytool -printcert -file /image/vmware/nsx/file-store/Orange-CA.crt.pem
        Owner: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Issuer: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Serial number: 3e726e7fbb3b0a7a6b4edd767f867fd1
        Valid from: Mon Mar 16 07:16:07 UTC 2020 until: Fri Mar 10 07:16:07 UTC 2045
        Certificate fingerprints:
          MD5:  ED:AC:F1:7F:88:05:83:2A:83:C0:09:03:D5:00:CA:7B
          SHA1: DC:B5:3F:37:DF:BD:E0:5C:A4:B7:F4:4C:96:12:75:7A:16:C7:61:37
          SHA256: F2:5B:DE:8A:F2:31:9D:E6:EF:35:F1:30:6F:DA:05:FF:92:B4:15:96:AA:82:67:E3:3C:C1:69:A3:E5:27:B9:A5
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        root@gc3:~#
         
        root@gc3:/image/vmware/nsx/file-store# keytool -printcert -file gc-nsxt-mgr-full.crt.pem
        Certificate[1]:
        Owner: CN=gc.prome.local, O=GS, L=HTG, ST=California, C=US
        Issuer: CN=Green Intermediate Certification Authority, O=GS, L=California, C=US
        Serial number: bdf43ab31340b87f323b438a2895a075
        Valid from: Mon Mar 16 07:26:51 UTC 2020 until: Wed Mar 16 07:26:51 UTC 2022
        Certificate fingerprints:
                MD5:  36:3C:1F:57:96:07:84:C0:6D:B7:33:9A:8D:25:4D:27
                SHA1: D1:4E:F9:45:2D:0D:34:79:D2:B4:FA:65:28:E0:5C:DC:74:50:CA:3B
                SHA256: 3C:FF:A9:5D:AA:68:44:44:DD:07:2F:DD:E2:BE:9C:32:19:7A:03:D5:26:8D:5F:AD:56:CA:D2:6C:91:96:27:6F
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        Certificate[2]:
        Owner: CN=Green Intermediate Certification Authority, O=GS, L=California, C=US
        Issuer: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Serial number: 3e726e7fbb3b0a7a6b4edd767f867fd2
        Valid from: Sun Mar 15 00:00:00 UTC 2020 until: Mon Mar 17 00:00:00 UTC 2025
        Certificate fingerprints:
                MD5:  94:C8:9F:92:56:60:EB:DB:ED:4B:11:17:33:27:C0:C9
                SHA1: 42:9C:3C:51:E8:8E:AC:2E:5E:62:95:82:D7:22:E0:FB:08:B8:64:29
                SHA256: 58:B8:63:3D:0C:34:35:39:FC:3D:1E:BA:AA:E3:CE:A9:C0:F3:58:53:1F:AD:89:A5:01:0D:D3:89:9E:7B:C5:69
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        Certificate[3]:
        Owner: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Issuer: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Serial number: 3e726e7fbb3b0a7a6b4edd767f867fd1
        Valid from: Mon Mar 16 07:16:07 UTC 2020 until: Fri Mar 10 07:16:07 UTC 2045
        Certificate fingerprints:
                MD5:  ED:AC:F1:7F:88:05:83:2A:83:C0:09:03:D5:00:CA:7B
                SHA1: DC:B5:3F:37:DF:BD:E0:5C:A4:B7:F4:4C:96:12:75:7A:16:C7:61:37
                SHA256: F2:5B:DE:8A:F2:31:9D:E6:EF:35:F1:30:6F:DA:05:FF:92:B4:15:96:AA:82:67:E3:3C:C1:69:A3:E5:27:B9:A5
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        /var/log/syslog 中成功日志记录的示例:
        <182>1 2020-03-22T21:54:34.501Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully created CA PEM file /config/vmwarensx-node-api/syslog/92a78d8a-acfd-4515-b05a-2927b70ae920_ca.pem for logging server vrli.prome.local:6514
        <182>1 2020-03-22T21:54:36.269Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully created client CA PEM file /config/vmwarensx-node-api/syslog/92a78d8a-acfd-4515-b05a-2927b70ae920_client_ca.pem for logging server vrli.prome.local:6514
        <182>1 2020-03-22T21:54:36.495Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] cert issuer = /C=US/L=California/O=GS/CN=Green IntermediateCertification Authority
        <182>1 2020-03-22T21:54:36.514Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] cert subject = /C=US/ST=California/L=HTG/O=GS/CN=gc.promelocal
        <182>1 2020-03-22T21:54:36.539Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] certificate trust check succeeded. status: 200, result:{'status': 'OK'}
        <182>1 2020-03-22T21:54:36.612Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] Certificate already exists, skip import
        <182>1 2020-03-22T21:54:37.322Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully created certificate PEM file /config/vmwarensx-node-api/syslog/92a78d8a-acfd-4515-b05a-2927b70ae920_cert.pem for logging server vrli.prome.local:6514
        <182>1 2020-03-22T21:54:38.020Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully created key PEM file /config/vmwarensx-node-api/syslog/92a78d8a-acfd-4515-b05a-2927b70ae920_key.pem for logging server vrli.prome.local:6514
        /var/log/syslog 中失败日志记录的示例:
        <182>1 2020-03-22T21:33:30.424Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully created client CA PEM file /config/vmwarensx-node-api/syslog/76332782-1ec6-483a-95d4-2adeaf2ef112_client_ca.pem for logging server vrli.prome.local:6514
        <182>1 2020-03-22T21:33:30.779Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] cert issuer = /C=US/L=California/O=GS/CN=Green IntermediateCertification Authority
        <182>1 2020-03-22T21:33:30.803Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] cert subject = /C=US/ST=California/L=HTG/O=GS/CN=gc.promelocal
        <179>1 2020-03-22T21:33:30.823Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="ERROR" errorCode="NODE10"] Certificate trust check failed. status:200, result: {'error_message': 'Certificate CN=gc.prome.local,O=GS,L=HTG,ST=California,C=US was not verifiably signed by CN=gc.prome.local,O=GS,L=HTG,ST=California,C=US: certificate does not verifywith supplied key', 'status': 'ERROR'}
        <179>1 2020-03-22T21:33:30.824Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="ERROR" errorCode="NODE10"] Failed to create certificate PEM file config/vmware/nsx-node-api/syslog/76332782-1ec6-483a-95d4-2adeaf2ef112_cert.pem for logging server vrli.prome.local:6514
        <182>1 2020-03-22T21:33:31.578Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully deleted CA PEM file /config/vmwarensx-node-api/syslog/76332782-1ec6-483a-95d4-2adeaf2ef112_ca.pem
        <182>1 2020-03-22T21:33:32.342Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully deleted client CA PEM file /config/vmwarensx-node-api/syslog/76332782-1ec6-483a-95d4-2adeaf2ef112_ca.pem
        <182>1 2020-03-22T21:33:32.346Z gc3.prome.local NSX 16698 - [nsx@6876 comp="nsx-cli" subcomp="node-mgmt" username="admin" level="INFO" audit="true"] CMD: set logging-server vrli.prome.local prototls level info serverca Orange-CA.crt.pem clientca Orange-CA.crt.pem certifi
        cate gc-nsxt-mgr.crt.pem key gc-nsxt-mgr.key.pem (duration: 6.365s), Operation status: CMD_EXECUTED
        可以使用以下命令来检查证书和私钥是否匹配。例如:
        diff  <(openssl x509 -in certs/gc-nsxt-mgr.crt.pem -pubkey -noout) <(openssl rsa -in private/gc-nsxt-mgr.key.pem -pubout)
        如果证书和私钥匹配,则输出为 正在写入 RSA 密钥。任何其他输出均表示它们不匹配。例如,如果证书和私钥匹配,您将看到:
        root@caserver:~/server-certs# diff  <(openssl x509 -in certs/gc-nsxt-mgr.crt.pem -pubkey -noout) <(openssl rsa -in private/gc-nsxt-mgr.key.pem -pubout)
        writing RSA key
        损坏的私钥的示例:
        root@caserver:~/server-certs# diff  <(openssl x509 -in certs/gc-nsxt-mgr.crt.pem -pubkey -noout) <(openssl rsa -in private/gc-nsxt-mgr-corrupt.key.pem -pubout)
        unable to load Private Key
        140404188370584:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147:
        140404188370584:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1205:
        140404188370584:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=RSA
        140404188370584:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:119:
        140404188370584:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147:
        140404188370584:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1205:
        140404188370584:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=PKCS8_PRIV_KEY_INFO
        140404188370584:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:141:
        1,14d0
        < -----BEGIN PUBLIC KEY-----
        < MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv3yH7pZidfkLrEP3zVa9
        < EcOKXlFFjkThZRZMfguenlm8s6QHYVvuUX8IRB48Li3/DUfOj0bzaPWktpv+Q2P0
        < N/j4LoX2RzjV/DPxYfLP6GMNMc21L3s9ruBeWUthtUP8khCWd2d2rZ09cUZVl0P9
        < kIYBb5RMFC7Z1OUtH3bKdepEf+sXz3DaKZ/WySzYq9x86QDaA3ABO3Q0i7txBscI
        < FvXuMDOMQaC3pPp9FWO6IPRAWB57wahLJv6K5qGIfwubSBFg53grT4snf1lDZAhZ
        < 9hz5JgGr80GVyWyb7rgigpl9iUWAZx8U9De9XoxmvBN5iEGTIuKGaEgICL176crb
        < RMkhjnCqNHI+z6sQvpYJ7U0zZc72eBIWoHUkcWWk3eU6Oy4OiyW6jYuXG7hZYlly
        < nSkme3mZUWJKvcoX05+3zeCP623/HzE7X2sNyWFjzeF3XEvauZrIbsJh/xp2ShDa
        < uKKEY0gUGhLtCa3TpV9l8d6tFWVy8XjVjdjoVt4s7MfUo/airVmRykfsWrKyNUOQ
        < qRZvSbqjt8pm+3bSvKdXX4ul7ptPG2GF20ETWHPwjk2JwQpGhR9zK8fsKzvm6hXi
        < kq76zI4FefuVps3e1r39+0F+p6d6i2oUoo24sC1iSePTDhU74efVp6iv8HmnDgYX
        < Ylm6Kusr0JT5TJFDfASmrj8CAwEAAQ==
        < -----END PUBLIC KEY-----
        彼此不配对但有效的私钥和证书的示例:
          root@caserver:~/server-certs# diff  <(openssl x509 -in certs/gc-nsxt-mgr.crt.pem -pubkey -noout) <(openssl rsa -in private/vrli.key.pem -pubout)
          writing RSA key
          2,13c2,13
          < MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv3yH7pZidfkLrEP3zVa9
          < EcOKXlFFjkThZRZMfguenlm8s6QHYVvuUX8IRB48Li3/DUfOj0bzaPWktpv+Q2P0
          < N/j4LoX2RzjV/DPxYfLP6GMNMc21L3s9ruBeWUthtUP8khCWd2d2rZ09cUZVl0P9
          < kIYBb5RMFC7Z1OUtH3bKdepEf+sXz3DaKZ/WySzYq9x86QDaA3ABO3Q0i7txBscI
          < FvXuMDOMQaC3pPp9FWO6IPRAWB57wahLJv6K5qGIfwubSBFg53grT4snf1lDZAhZ
          < 9hz5JgGr80GVyWyb7rgigpl9iUWAZx8U9De9XoxmvBN5iEGTIuKGaEgICL176crb
          < RMkhjnCqNHI+z6sQvpYJ7U0zZc72eBIWoHUkcWWk3eU6Oy4OiyW6jYuXG7hZYlly
          < nSkme3mZUWJKvcoX05+3zeCP623/HzE7X2sNyWFjzeF3XEvauZrIbsJh/xp2ShDa
          < uKKEY0gUGhLtCa3TpV9l8d6tFWVy8XjVjdjoVt4s7MfUo/airVmRykfsWrKyNUOQ
          < qRZvSbqjt8pm+3bSvKdXX4ul7ptPG2GF20ETWHPwjk2JwQpGhR9zK8fsKzvm6hXi
          < kq76zI4FefuVps3e1r39+0F+p6d6i2oUoo24sC1iSePTDhU74efVp6iv8HmnDgYX
          < Ylm6Kusr0JT5TJFDfASmrj8CAwEAAQ==
          ---
          > MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqvsjay7+o7gCW7szT3ho
          > bC34XX2l6u5Jl4/X/pUDI/YHmIf06bsZ1r/l4bTL4Q7BM6+9MI6UYEE7DxUoINGO
          > o4FEEQE32KWVFe3gw3homHU39q4pQjsJsxTcTE3oDMlIY0nWJ0PRUst3DffyUH1L
          > W0NUN9YdN+fAl2Uf021iuDqVy9V8AH3ON6fu+QCA8nt71ZkzeTxSA0ldpl2NA17F
          > rD8rm05wxnV7WtuV7V8PstISiClzhHgZRMl+B0r30OitnyAzEGLaRT3//PKfe0Oe
          > HCdxGMlrUtMqxIItJahEsqvMufyqNYecVscyXLHPelizKCsQfy8cO8LnznG8VAdc
          > YILSn3uYGZap6aF1SgVxsvZicwvlYnssmgE13Af0nScmfM96k9h5joHVEkWK6O8v
          > oT5DGG1kVL2Qly97x0b6EnzUorzivv5zJMKvFcOektR8HdMHQit5uvmMRY3S5zow
          > FtvfSDfWxxKyTy6GBrpP+8F+Jq91yGy/qa9lhKBzT2lg+rJp7T8k7/Nm9Tjyx7jL
          > EqgEKZEL4chxpo8ucF98hbvXWRuaFHC2iDzGuUmuS1FfjVvHTuIbEMQfjapLZrHx
          > 8jHfOP/PL+6kPbvNZZ2rTpczuEoGTQFFW9vX48GzIEyMeR6QWpPR0F7r4xak68P5
          > 2PJmMveinDhU35IqWEXHAwcCAwEAAQ==
    3. 要查看日志记录配置,请运行以下命令:
      get logging-server
      例如,
      nsx> get logging-servers
      192.168.110.60 proto udp level info facility local6 messageid SYSTEM,FABRIC
      192.168.110.60 proto udp level info facility auth,user
    4. 要清除远程日志记录配置,请运行以下命令:
      clear logging-servers
  2. 要在 ESXi 主机上配置远程日志记录,请执行以下操作:
    1. 运行以下命令以配置 syslog 并发送测试消息:
      esxcli network firewall ruleset set -r syslog -e true
      esxcli system syslog config set --loghost=udp://<log server IP>:<port> --log-level=info
      esxcli system syslog reload
      esxcli system syslog mark -s "This is a test message"
    2. 可以运行以下命令以显示配置:
      esxcli system syslog config get