Configure the NSX Controller instances to forward log information to vRealize Log Insight by using the NSX REST API. To enable log forwarding, you can use a REST client, such as the Postman application.

Procedure

  1. Log in to the Windows host that has access to your data center.
  2. Start the Postman application and log in.
  3. Specify the headers for requests to the NSX Manager. 
    1. On the Authorization tab, configure the following authorization settings and click Update Request.

      Setting

      Value

      Type

      Basic Auth

      User name

      admin

      Password

      nsx_admin_password

      The Authorization:Basic XXX header appears in the Headers pane.

    2. On the Headers tab, enter the following header details.

      Request Header Attribute

      Value

      Content-Type

      application/xml

      The Content-Type:application/xml header appears in the Headers pane.

  4. Contact NSX Manager to retrieve the IDs of the associated NSX Controllers.
    1. Select GET from the drop-down menu that contains the HTTP request methods.
    2. In the URL text box next to the selected method, enter the following URL, and click Send.

      NSX Manager

      URL

      NSX Manager for the management cluster

      https://sfo01m01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller

      NSX Manager for the shared edge and compute cluster

      https://sfo01w01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller

      The Postman application sends a query to the NSX Manager about the installed NSX controllers.

    3. After the NSX Manager sends a response back, click  the Body  tab in the response pane.

      The response body contains a root <controllers> XML element that groups the details about the three controllers that form the controller cluster. 

    4. Within the <controllers> element, locate the <controller> element for each controller and write down the content of the <id> element.

      Controller IDs have the controller-id format where id represents the sequence number of the controller in the cluster, for example, controller-1 in the following image.





    5. Repeat the steps for the other NSX Manager.
  5. For each NSX Controller, send a request to configure vRealize Log Insight as a remote syslog server.
    1. In the request pane at the top, select POST from the drop-down menu that contains the HTTP request methods, and in the URL text box, enter the following URL.

      Replace controller-ID with the controller IDs you have written down.

      NSX Manager

      NSX Controller in the Controller Cluster

      POST URL

      NSX Manager for the management cluster

      NSX Controller 1

      https://sfo01m01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller/controller-1/syslog

      NSX Controller 2

      https://sfo01m01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller/controller-2/syslog

      NSX Controller 3

      https://sfo01m01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller/controller-3/syslog

      NSX Manager for the shared edge and compute cluster

      NSX Controller 1

      https://sfo01w01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller/controller-1/syslog

      NSX Controller 2

      https://sfo01w01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller/controller-2/syslog

      NSX Controller 3

      https://sfo01w01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller/controller-3/syslog

    2. In the Request pane, click the Body tab, select Raw, and using the drop-down menu, select XML (Application/XML).
    3. Paste the following request body in the Body text box and click Send.
      <controllerSyslogServer>
         <syslogServer>192.168.31.10</syslogServer>
         <port>514</port>
         <protocol>UDP</protocol>
         <level>INFO</level>
      </controllerSyslogServer> 

    4. Repeat the steps for the other NSX Controllers in the management cluster and in the shared edge and compute cluster.
  6. Verify the syslog configuration on each NSX Controller. 
    1. In the Request pane, from the Method drop-down menu, select GET, in the URL text box, enter the controller-specific syslog URL from Step 5, and click the SEND button.
    2. After the NSX Manager sends a response back, click the Body tab under Response

      The response body contains a root <controllerSyslogServer> element, which represents the settings for the remote syslog server on the NSX Controller.

    3. Verify that the value of the <syslogServer> element is 192.168.31.10.
    4. Repeat the steps for the other NSX Controllers to verify the syslog configuration.