Configure the NSX Controllers and UDLR Control VM instances for the management cluster to forward log information to vRealize Log Insight in Region B. Use the NSX REST API to configure the NSX Controllers. To enable log forwarding, you can use a REST client, such as the Postman application for Google Chrome.

Procedure

  1. Log in to the Windows host that has access to your data center.
  2. In a Chrome browser, start the Postman application and log in.
  3. Specify the request headers for requests to the NSX Manager. 
    1. On the Authorization tab, configure the following authorization settings and click Update Request.

      Settings

      Value

      Type

      Basic Auth

      User name

      admin

      Password

      lax01m01nsx01_admin_password

      The Authorization:Basic XXX header appears in the Headers pane.

    2. On the Headers tab, enter the following header details.

      Setting

      Value

      Key

      Content-Type

      Value

      application/xml

      The Content-Type:application/xml header appears in the Headers pane.

  4. Contact the NSX Manager to retrieve the IDs of the associated NSX Controllers.
    1. Select GET from the drop-down menu that contains the HTTP request methods.
    2. In the URL text box next to the selected method, enter the following URL, and click Send.

      NSX Manager

      URL

      NSX Manager for the management cluster

      https://lax01m01nsx01.lax01.rainpole.local/api/2.0/vdn/controller

      The Postman application sends a query to the NSX Manager about the installed NSX controllers.

    3. After the NSX Manager sends a response back, click the Body  tab in the response pane.

      The response body contains a root <controllers> XML element that groups the details about the three controllers that form the controller cluster. 

    4. Within the <controllers> element, locate the <controller> element for each controller and write down the content of the <id> element.

      Controller IDs have the controller-id format where id represents the sequence number of the controller in the cluster.





  5. For each NSX Controller, send a request to configure vRealize Log Insight as a remote syslog server.
    1. In the request pane at the top, select POST from the drop-down menu that contains the HTTP request methods, and in the URL text box, enter the following URL.

      Replace controller-ID with the controller IDs you have written down.

      NSX Manager

      NSX Controller in the Controller Cluster

      POST URL

      NSX Manager for the management cluster

      NSX Controller 1

      https://lax01m01nsx01.lax01.rainpole.local/api/2.0/vdn/controller/controller-1/syslog

      NSX Controller 2

      https://lax01m01nsx01.lax01.rainpole.local/api/2.0/vdn/controller/controller-2/syslog

      NSX Controller 3

      https://lax01m01nsx01.lax01.rainpole.local/api/2.0/vdn/controller/controller-3/syslog

    2. In the Request pane, click the Body tab, select Raw, and using the drop-down menu, select XML (Application/XML).
    3. Paste the following request body in the Body text box and click Send.
      <controllerSyslogServer>
         <syslogServer>192.168.32.10</syslogServer>
         <port>514</port>
         <protocol>UDP</protocol>
         <level>INFO</level>
      </controllerSyslogServer> 




    4. Repeat the steps for the other NSX Controllers in the management cluster.
  6. Verify the syslog configuration on each NSX Controller. 
    1. In the Request pane, from the Method drop-down menu, select GET, in the URL text box, enter the controller-specific syslog URL from the previous step, and click the SEND button.
    2. After the NSX Manager sends a response back, click the Body tab under Response

      The response body contains a root <controllerSyslogServer> element, which represents the settings for the remote syslog server on the NSX Controller.

    3. Verify that the value of the <syslogServer> element is 192.168.32.10. 
    4. Repeat the steps for the other NSX Controllers to verify the syslog configuration.




  7. Log in to the Management vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://lax01m01vc01.lax01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

  8. Configure the newly-deployed Control VM of the UDLR in Region B to forward events to vRealize Log Insight in Region B.
    1. From the Home menu of the vSphere Web Client, click Networking & Security.
    2. In the Navigator, click NSX Edges.
    3. Select 172.17.11.65 from the NSX Manager drop-down menu.
    4. Double-click sfo01m01udlr01 to open its configuration interface.
    5. On the NSX Edge device page, click the Manage tab, click Settings, and click Configuration.
    6. In the Details pane, click Change next to Syslog servers.
    7. In the Edit Syslog Servers Configuration dialog box, enter the following settings and click OK.

      Setting

      Value

      Syslog Server 1

      192.168.32.10

      Protocol

      udp