Starting in NSX 4.1.2, you can run CLI commands on the NSX Malware Prevention service virtual machine (SVM) to collect a support bundle for the SVM.

The support bundle (.tgz file) contains the SVM configuration details, logs, and other important directories. Currently, support bundle collection for the NSX Malware Prevention SVM is supported only from the CLI. You log in to the SVM on a vSphere host in a host cluster that is activated for the NSX Distributed Malware Prevention service, and run the NSX CLI commands on that SVM. Typically, you might need to log in only to the SVMs on the hosts from which you want to collect the support bundle, not to the SVMs on all the hosts in the cluster.

Note: The NSX Manager UI does not support collecting a support bundle for the NSX Malware Prevention SVM. That is, when you navigate to System > Support Bundle > Request Bundle and collect a support bundle for the host nodes, the SVM logs are not included in that bundle, even if the hosts are protected with the NSX Distributed Malware Prevention service.

Prerequisites

The VMware vCenter administrator must activate SSH access to the SVM on each host. For more information, see the Prerequisites section in Log in to the NSX Malware Prevention Service Virtual Machine.

Procedure

  1. Log in to the NSX Malware Prevention SVM as an admin user.
  2. To collect the support bundle, run the following NSX CLI command on the SVM:
    svm> get support-bundle file <filename.tgz>

    To learn more about this CLI command, see the Malware Prevention Service VM documentation in the NSX Command-Line Interface Reference.

    The support bundle is saved with the specified filename in the file-store directory. The generation of the support bundle takes some time. The amount of time taken depends on the size of the log file in the bundle.
  3. Transfer the support bundle to a remote computer, and then extract the file on that computer to view the SVM logs.
    For example, to transfer the support bundle to a remote computer (10.1.1.1), run the following command on the SVM:
    svm> copy file svm-support-bundle.tgz url scp://<username>@10.1.1.1/home/Downloads

    For example, to extract the .tgz file, run the following command on the remote computer:

    tar -xzf svm-support-bundle.tgz
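
The extraction in step 3 with checks added, as an example that is not part of the VMware documentation: it tests the archive after the transfer, rejects member paths that would land outside the target directory, and extracts into a directory only the current user can read, because the bundle contains SVM configuration details and logs. The function name safe_extract_bundle and the destination directory are assumptions.

```shell
#!/bin/sh
# Added example, not VMware code. Run on the remote computer that
# received the bundle. safe_extract_bundle is a hypothetical helper name.

safe_extract_bundle() {
    bundle=$1   # path to the transferred .tgz file
    dest=$2     # directory to extract into (created if missing)

    # 1. A truncated or corrupted transfer fails the gzip stream test.
    if ! gzip -t "$bundle" 2>/dev/null; then
        echo "corrupt or truncated archive: $bundle" >&2
        return 2
    fi

    # 2. List member names without extracting anything.
    members=$(tar -tzf "$bundle") || return 2

    # 3. Refuse absolute paths and any ".." path component, which
    #    would place files outside the destination directory.
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in archive: $bundle" >&2
        return 3
    fi

    # 4. Extract into a directory only the current user can access,
    #    without restoring the ownership recorded in the archive.
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    tar -xzf "$bundle" -C "$dest" --no-same-owner || return 1

    echo "extracted $(printf '%s\n' "$members" | wc -l) entries to $dest"
}

# Usage (file name taken from the procedure above, directory assumed):
#   safe_extract_bundle svm-support-bundle.tgz ./svm-support-bundle
```
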