NSX Malware Prevention microservices that run on NSX Edges, service virtual machine (on ESXi hosts), and NSX Application Platform conform to the RFC 5424 log message standard.

Log Messages

On NSX-T appliances, syslog messages conform to the RFC 5424 standard. On ESXi hosts, syslog messages conform to the RFC 3164 standard. The log files are written to the /var/log directory. Remote logging is also supported.

NSX Malware Prevention feature is supported only on ESXi hosts. KVM hosts are not supported.

For more information, see Log Messages and Error Codes.

Troubleshoot Syslog Issues

If the remote log server that you configured is unable to receive logs, see Troubleshooting Syslog Issues.

Collect Support Bundles

  • To collect support bundles for Management Nodes, NSX Edges, and Hosts, see Collect Support Bundles.
  • To collect support bundles for NSX Application Platform, see the Deploying and Managing the VMware NSX Application Platform documentation at https://docs.vmware.com/en/VMware-NSX-T-Data-Center/index.html.
  • To collect log files for NSX Malware Prevention service virtual machine (SVM) that is running on ESXi hosts, you must have an SSH access to the SVM.

    SSH access to the admin user of the SVM is key-based (public-private key pair). A public key is needed when you are deploying the service on an ESXi host cluster, and a private key is needed when you want to start an SSH session to the SVM.

    For more information see, Log in to the NSX Malware Prevention Service Virtual Machine.