Create alerts using the in-built problem and alert signatures in vRealize Log Insight for NSX for vSphere and direct them to the vRealize Operations Manager inventory. For each alert, you create one instance for the NSX Manager for the management cluster and one instance for the NSX Manager for the shared edge and compute cluster in the region.

About this task

For monitoring the NSX for vSphere configuration in the Software-Defined Data Center, you can use the following alerts in vRealize Log Insight:

Table 1. NSX Alerts in vRealize Log Insight

Alert Name

Purpose

Severity

VMW_NSX_Firewall critical errors

Firewall critical events:

  • 301501 - This is vsm side event if host failed to respond with in time-out window

  • 301503 - This is vsm side event if vsm failed while provisioning firewall rule

  • 301506 - This is vsm side event if vsm failed to send exclude list update

  • 301031 - Failed to receive/parse/Update firewall config.  Key value will have context info like generation number and also other debugging info

Critical

VMW_NSX_VXLAN dataplane lost connection to controller

This alert indicates VXLAN dataplane lost connection to controller.

Critical

VMW_NSX_VXLAN configuration issue

This alert is generated when VXLAN configuration pushed to host before host was prep'ed - host must be rebooted to initialize configuration in correct order.

Critical

VMW_NSX_Manager - Host Communication Errors

This event will be generated when NSX Manager fails to receive heartbeat from UserWorld Agent on the host within the threshold period. The output is grouped by host-id. The host-id can be found from vCenter.

Critical

Procedure

  1. Open the vRealize Log Insight user interface.
    1. Open a Web browser and go to the following URL.

      Region

      vRealize Log Insight URL

      Region A

      https://sfo01vrli01.sfo01.rainpole.local

      Region B

      https://lax01vrli01.lax01.rainpole.local

    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      vrli_admin_password

  2. In the vRealize Log Insight user interface, click Interactive Analytics.
  3. Click the icon and select Manage Alerts.
  4. Select an alert that is related to NSX .
    1. In the search box of the Alerts dialog box, enter the following alert name as a search phrase.
      VMW_NSX_Firewall critical errors 
    2. Select the alert from the search result and click the Edit icon next to the alert name.
  5. Create an instance of the alert for each NSX Manager in the region using the name of the NSX Manager virtual machine in the query filter.
    1. In the New Alert dialog box, click Run Query.

      A query editor page opens.

    2. Click Add Filter and use the drop-down menus to define the following filter.
      Table 2. Filters for vRealize Log Insight in Region A

      Filter

      Value for Management NSX Alerts in Region A

      Value for Compute NSX Alerts in Region A

      Object type

      vc_vm_name

      vc_vm_name

      Operation

      contains

      contains

      Object

      sfo01m01nsx01

      sfo01w01nsx01

      Table 3. Filters for vRealize Log Insight in Region B

      Filter

      Value for Management NSX Alerts in Region B

      Value for Compute NSX Alerts in Region B

      Object type

      vc_vm_name

      vc_vm_name

      Operation

      contains

      contains

      Object

      lax01m01nsx01

      lax01w01nsx01

    3. Click on the Search icon.
    4. Click the icon and select Create Alert from Query.
    5. In the New Alert dialog box, configure the following alert settings and click Save.
      Table 4. Alerts for vRealize Log Insight in Region A

      Setting

      Value for Management NSX Alert in Region A

      Value for Compute NSX Alert in Region A

      Name

      VMW_NSX_Firewall critical errors (sfo01m01nsx01)

      VMW_NSX_Firewall critical errors (sfo01w01nsx01)

      Description (Recommendation)

      nsx_alert_purpose

      See NSX Alerts in vRealize Log Insight.

      nsx_alert_purpose

      See NSX Alerts in vRealize Log Insight.

      Email

      Email address to send alerts to

      Email address to send alerts to

      Send to vRealize Operations Manager

      Selected

      Selected

      Fallback Object (VMs)

      sfo01m01nsx01

      sfo01w01nsx01

      Criticality

      critical

      critical

      Raise an alert

      On any match

      On any match

      Table 5. Alerts for vRealize Log Insight in Region B

      Setting

      Value for Management NSX Alert in Region B

      Value for Compute NSX Alert in Region B

      Name

      VMW_NSX_Firewall critical errors (lax01m01nsx01)

      VMW_NSX_Firewall critical errors (lax01w01nsx01)

      Description (Recommendation)

      nsx_alert_purpose

      See NSX Alerts in vRealize Log Insight.

      nsx_alert_purpose

      See NSX Alerts in vRealize Log Insight.

      Email

      Email address to send alerts to

      Email address to send alerts to

      Send to vRealize Operations Manager

      Selected

      Selected

      Fallback Object (VMs)

      lax01m01nsx01

      lax01w01nsx01

      Criticality

      critical

      critical

      Raise an alert

      On any match

      On any match

    6. Repeat the steps to create the alert instance for the other NSX Manager in the region.
  6. Repeat Step 3 to Step 5 for the rest of the alerts, configuring two instances of each alert in the region.
  7. Repeat the procedure in vRealize Log Insight to create the alerts for both instances of NSX Managers in the other region.