You can configure the syslog server and view technical support logs for each NSX component. Management plane logs are available through NSX Manager and data plane logs are available through vCenter Server. Hence, it is recommended that you specify the same syslog server for the NSX component and vCenter Server in order to get a complete picture when viewing logs on the syslog server.

For information on configuring a syslog server for hosts managed by a vCenter Server, see the appropriate version of vSphere documentation under "Data Center & Cloud Infrastructure" at https://www.vmware.com/support/pubs.

Note:

Syslog or jump servers used to collect logs and access an NSX Distributed Logical Router (DLR) Control VM can't be on the logical switch that is directly attached to that DLR's logical interfaces.

NSX Manager

To specify a syslog server, see Configure a Syslog Server for NSX Manager.

To download technical support logs, see Download Technical Support Logs for NSX.

NSX Edge

To specify a syslog server, see Configure Syslog Servers for NSX Edge.

To download technical support logs, see Download Tech Support Logs for NSX Edge.

Firewall

You must configure a syslog server for each cluster that has firewall enabled. The syslog server is specified in the Syslog.global.logHost attribute. See the appropriate version of vSphere documentation under "Data Center & Cloud Infrastructure" at https://www.vmware.com/support/pubs.

A sample firewall log message from a host log file:

2017-02-27T02:27:13.255Z 18915 INET match PASS domain-c11/1001 IN 52 TCP 192.168.254.5/50998->192.168.6.101/80 S

The following tables explain the fields in the firewall log message.

Table 1. Components of a log file entry

Component

Value in example

Timestamp

2017-02-27T02:27:13.255Z

Firewall-specific portion

18915 INET match PASS domain-c11/1001 IN 52 TCP 192.168.254.5/50998->192.168.6.101/80 S

Table 2. Firewall specific portion of log file entry

Entity

Possible Values

Filter hash

A number that can be used to get the filter name and other information.

AF Value

INET, INET6

Reason

match, bad-offset, fragment, short, normalize, memory, bad-timestamp, congestion, ip-option, proto-cksum, state-mismatch, state-insert, state-limit, src-limit, synproxy, spoofguard

Action

PASS, DROP, SCRUB, NOSCRUB, NAT, NONAT, BINAT, NOBINAT, RDR, NORDR, SYNPROXY_DROP, PUNT, REDIRECT, COPY, REJECT

Rule set and rule ID

rule set/rule ID

Direction

IN, OUT

Packet length

length

Protocol

TCP, UDP, PROTO

Source IP address and port

IP address/port

Destination IP address and port

IP address/port

TCP flags

S (SYN), SA (SYN-ACK), A (ACK), P (PUSH), U (URGENT), F (FIN), R (RESET)