Create alerts using the in-built problem and alert signatures in vRealize Log Insight for NSX for vSphere and direct them to the vRealize Operations Manager inventory. For each alert, you create one instance for the NSX Manager for the management cluster and one instance for the NSX Manager for the shared edge and compute cluster in the region.

For monitoring the NSX for vSphere configuration in the Software-Defined Data Center, you can use the following alerts in vRealize Log Insight:

Table 1. NSX Alerts in vRealize Log Insight
Alert Name Purpose Severity
VMW_NSX_Firewall critical errors Firewall critical events:
  • 301501 - This is vsm side event if host failed to respond with in time-out window
  • 301503 - This is vsm side event if vsm failed while provisioning firewall rule
  • 301506 - This is vsm side event if vsm failed to send exclude list update
  • 301031 - Failed to receive/parse/Update firewall config.  Key value will have context info like generation number and also other debugging info
Critical
VMW_NSX_VXLAN dataplane lost connection to controller This alert indicates VXLAN dataplane lost connection to controller. Critical
VMW_NSX_VXLAN configuration issue This alert is generated when VXLAN configuration pushed to host before host was prep'ed - host must be rebooted to initialize configuration in correct order. Critical
VMW_NSX_Manager - Host Communication Errors This event will be generated when NSX Manager fails to receive heartbeat from UserWorld Agent on the host within the threshold period. The output is grouped by host-id. The host-id can be found from vCenter. Critical

Procedure

  1. Open the vRealize Log Insight user interface.
    1. Open a Web browser and go to the following URL.
      Region vRealize Log Insight URL
      Region A https://sfo01vrli01.sfo01.rainpole.local
      Region B https://lax01vrli01.lax01.rainpole.local
    2. Log in using the following credentials.
      Setting Value
      User name admin
      Password vrli_admin_password
  2. In the vRealize Log Insight user interface, click Interactive Analytics.
  3. Click the icon and select Manage Alerts.
  4. Select an alert that is related to NSX .
    1. In the search box of the Alerts dialog box, enter the following alert name as a search phrase.
      VMW_NSX_Firewall critical errors 
    2. Select the alert from the search result and click the Edit icon next to the alert name.
  5. Create an instance of the alert for each NSX Manager in the region using the name of the NSX Manager virtual machine in the query filter.
    1. In the New Alert dialog box, click Run Query.
      A query editor page opens.
    2. Click Add Filter and use the drop-down menus to define the following filter.
      Table 2. Filters for vRealize Log Insight in Region A
      Filter Value for Management NSX Alerts in Region A Value for Compute NSX Alerts in Region A
      Object type vc_vm_name vc_vm_name
      Operation contains contains
      Object sfo01m01nsx01 sfo01w01nsx01
      Table 3. Filters for vRealize Log Insight in Region B
      Filter Value for Management NSX Alerts in Region B Value for Compute NSX Alerts in Region B
      Object type vc_vm_name vc_vm_name
      Operation contains contains
      Object lax01m01nsx01 lax01w01nsx01
    3. Click on the Search icon.
    4. Click the icon and select Create Alert from Query.
    5. In the New Alert dialog box, configure the following alert settings and click Save.
      Table 4. Alerts for vRealize Log Insight in Region A
      Setting Value for Management NSX Alert in Region A Value for Compute NSX Alert in Region A
      Name VMW_NSX_Firewall critical errors (sfo01m01nsx01) VMW_NSX_Firewall critical errors (sfo01w01nsx01)
      Description (Recommendation)

      nsx_alert_purpose

      See Table 1.

      nsx_alert_purpose

      See Table 1.

      Email Email address to send alerts to Email address to send alerts to
      Send to vRealize Operations Manager Selected Selected
      Fallback Object (VMs) sfo01m01nsx01 sfo01w01nsx01
      Criticality critical critical
      Raise an alert On any match On any match
      Table 5. Alerts for vRealize Log Insight in Region B
      Setting Value for Management NSX Alert in Region B Value for Compute NSX Alert in Region B
      Name VMW_NSX_Firewall critical errors (lax01m01nsx01) VMW_NSX_Firewall critical errors (lax01w01nsx01)
      Description (Recommendation)

      nsx_alert_purpose

      See Table 1.

      nsx_alert_purpose

      See Table 1.

      Email Email address to send alerts to Email address to send alerts to
      Send to vRealize Operations Manager Selected Selected
      Fallback Object (VMs) lax01m01nsx01 lax01w01nsx01
      Criticality critical critical
      Raise an alert On any match On any match
    6. Repeat the steps to create the alert instance for the other NSX Manager in the region.
  6. Repeat Step 3 to Step 5 for the rest of the alerts, configuring two instances of each alert in the region.
  7. Repeat the procedure in vRealize Log Insight to create the alerts for both instances of NSX Managers in the other region.