This section describes how you can configure the syslog server and view technical support logs for each NSX component. Management plane logs are available through NSX Manager and data plane logs are available through vCenter Server. Hence, it is recommended that you specify the same syslog server for the NSX component and vCenter Server in order to get a complete picture when viewing logs on the syslog server.

For information on configuring syslog for hosts managed by a vCenter Server, see VMware vSphere ESXi and vCenter Server 5.5 Documentation.

Note:

Syslog or jump servers used to collect logs and access an NSX Distributed Logical Router (DLR) Control VM can't be on the logical switch that is directly attached to that DLR's logical interfaces.

NSX Manager

To specify a syslog server, see Specify a Syslog Server.

To download technical support logs, see Download Technical Support Logs for NSX.

NSX Edge

To specify a syslog server, see Configure Remote Syslog Servers.

To download technical support logs, see Download Tech Support Logs for NSX Edge.

Firewall

You must configure the remote syslog server for each cluster that has firewall enabled. The remote syslog server is specified in the Syslog.global.logHost attribute. See ESXi and vCenter Server 5.5 Documentation.

Here is a sample line from a host log file.

2013-10-02T05:41:12.670Z cpu11:1000046503)vsip_pkt: INET, match, PASS, Rule 0/3, Ruleset domain-c7, Rule ID 100, OUT, Len 60, SRC 10.24.106.96, DST 10.24.106.52, TCP SPORT 59692, DPORT 22 S

which consists of three parts:

Table 1. Components of log file entry

Value in example

VMKernel common log portion consists of date, time, CPU, and WorldID

2013-10-02T05:41:12.670Z cpu11:1000046503)

Identifier

vsip_pkt

Firewall specific portion

INET, match, PASS, Rule 0/3, Ruleset domain-c7, Rule ID 100, OUT, Len 60, SRC 10.24.106.96, DST 10.24.106.52, TCP SPORT 59692, DPORT 22 S

Table 2. Firewall specific portion of log file entry

Entity

Possible Values

AF Value

INET, INET6

Reason

Possible values: match, bad-offset, fragment, short, normalize, memory, bad-timestamp, congestion, ip-option, proto-cksum, state-mismatch, state-insert, state-limit, src-limit, synproxy, spoofguard

Action

PASS, DROP, SCRUB, NOSCRUB, NAT, NONAT, BINAT, NOBINAT, RDR, NORDR, SYNPROXY_DROP, PUNT, REDIRECT, COPY

Rule identifier

Identifier

Rule value

Ruleset ID and Rule position (Internal details)

Rule set identifier

Identifier

Rule set value

Ruleset name

Rule ID identifier

Identifier

Rule ID

ID matched

Direction

ROUT, IN

Length identifier

Len followed by variable

Length value

Packet length

Source identifier

SRC

Source IP address

IP address

Destination identifier

IP address

Protocol

TCP, UDP, PROTO

Source port identifier

SPORT

Source port

Source port number for TDP and UDP

Source port identifier

Destination port identifier

Destination port

Destination port number for TDP and UDP

Flag

Flag for TCP