You deactivate the automatic start of the SSH service on boot on the NSX-T Edge appliances. You configure the NSX-T Gateway Firewall to send logs to a central log server.
You perform these procedures on the NSX-T tier-0 and tier-1 gateways only if your environment uses NSX-T Edges.
Procedure
- In a Web browser, log in to vCenter Server by using the vSphere Client.
| Setting | Value |
| --- | --- |
| URL | https://management-domain-vcenter-server-fqdn/ui |
| User name | [email protected] |
- In the VMs and templates inventory, navigate to the NSX-T Edge node, right-click the appliance, and select Open remote console.
VMW-NSXT-01430, VMW-NSXT-01511
Configure the NSX-T Gateway Firewall on the tier-0 and tier-1 gateways to send logs to a central log server.
You can configure the logging server with the LI-TLS or TLS protocols. You must store the server and client certificates in the /var/vmware/nsx/file-store/ directory on each NSX-T Edge appliance.
- If you want to configure a TLS syslog server, run the following command.
set logging-server <server-ip_/_server-FQDN> proto tls level info serverca ca.pem clientca ca.pem certificate cert.pem key key.pem
- If you want to configure a LI-TLS syslog server, run the following command.
set logging-server <server-ip_/_server-FQDN> proto li-tls level info serverca root-ca.crt
Note:
Configure the syslog or SNMP server to send an alert if the events server is unable to receive events from the NSX-T Edge node and if DoS incidents are detected.
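Before you copy ca.pem, cert.pem, and key.pem to /var/vmware/nsx/file-store/ and run the proto tls command, you can check on an administration workstation that the files are consistent with each other. The following script is an added example, not part of the original procedure or of VMware's tooling; it assumes a POSIX shell with OpenSSL, and the function names check_syslog_tls_bundle and make_demo_bundle are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of the PEM files referenced by
#   set logging-server ... proto tls ... clientca ca.pem certificate cert.pem key key.pem
# Function names are hypothetical; the file names follow the page.

# check_syslog_tls_bundle CA CERT KEY
# Returns 0 = usable, 1 = a file is missing or empty, 2 = cert does not chain to CA,
#         3 = private key does not match cert, 4 = cert expires within 30 days.
check_syslog_tls_bundle() {
    ca=$1; cert=$2; key=$3
    for f in "$ca" "$cert" "$key"; do
        [ -s "$f" ] || return 1
    done
    # The client certificate must verify against the CA file given as clientca.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 2
    # Compare the public key in the certificate with the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 3
    # 2592000 seconds = 30 days; an expired certificate silently stops log delivery.
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 || return 4
    return 0
}

# make_demo_bundle DIR [DAYS]
# Creates a constructed, throwaway CA and client certificate for trying the check.
# Never use these files on a real Edge appliance.
make_demo_bundle() {
    d=$1; days=${2:-365}
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1 &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-edge" \
        -keyout "$d/key.pem" -out "$d/cert.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/cert.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days "$days" -out "$d/cert.pem" >/dev/null 2>&1
}

# When called with three file arguments, run the check and report the result code.
if [ "$#" -eq 3 ]; then
    rc=0
    check_syslog_tls_bundle "$1" "$2" "$3" || rc=$?
    echo "check_syslog_tls_bundle result: $rc"
fi
```

A non-zero result identifies which file to replace before the set logging-server command is run on the Edge node.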