You can configure NSX-T Data Center appliances and hypervisors to send log messages to a remote logging server.

Remote logging is supported on NSX Manager, NSX Controller, NSX Edge, and hypervisors. You must configure remote logging on each node individually.

On an KVM host, the NSX-T Data Center installation package automatically configures the rsyslog daemon by putting configuration files in the /etc/rsyslog.d directory.

Prerequisites

  • Configure a logging server to receive the logs.

Procedure

  1. To configure remote logging on an NSX-T Data Center appliance:
    1. Run the following command to configure a log server and the types of messages to send to the log server. Multiple facilities or message IDs can be specified as a comma delimited list, without spaces.
      set logging-server <hostname-or-ip-address[:port]> proto <proto> level <level> [facility <facility>] [messageid <messageid>] [certificate <filename>] [structured-data <structured-data>]
      For more information about this command, see the NSX-T CLI Reference. You can run the command multiple times to add multiple logging server configurations. For example:
      nsx> set logging-server 192.168.110.60 proto udp level info facility syslog messageid SYSTEM,FABRIC
      nsx> set logging-server 192.168.110.60 proto udp level info facility auth,user
    2. you can view the logging configuration with the get logging-server command. For example,
      nsx> get logging-servers
      192.168.110.60 proto udp level info facility syslog messageid SYSTEM,FABRIC
      192.168.110.60 proto udp level info facility auth,user
  2. To configure remote logging on an ESXi host:
    1. Run the following commands to configure syslog and send a test message:
      esxcli network firewall ruleset set -r syslog -e true
      esxcli system syslog config set --loghost=udp://<log server IP>:<port>
      esxcli system syslog reload
      esxcli system syslog mark -s "This is a test message"
    2. You can run the following command to display the configuration:
      esxcli system syslog config get
  3. To configure remote logging on a KVM host:
    1. Edit the file /etc/rsyslog.d/10-vmware-remote-logging.conf for your environment.
    2. Add the following line to the file:
      *.* @<ip>:514;RFC5424fmt
    3. Run the following command:
      service rsyslog restart