Configure the NSX-T Edge nodes to send audit logs and system events to vRealize Log Insight.

First, you retrieve the ID of each edge transport node by using the NSX-T Manager user interface. Then, you use the Postman application to configure log forwarding for all edge transport nodes in the region by sending a POST request for each NSX-T Edge node.

Table 1. Management Domain NSX-T Edges in Region A

| Type | NSX-T Edge Host Name | Request URL for the NSX-T Edge Syslog Service | NSX-T Manager URL |
|---|---|---|---|
| Workload | sfo01w01en01.sfo01.rainpole.local | https://sfo01w01nsx01.sfo01.rainpole.local/api/v1/transport-nodes/node_id_of_sfo01w01en01/node/services/syslog/exporters | https://sfo01w01nsx01.sfo01.rainpole.local |
| Workload | sfo01w01en02.sfo01.rainpole.local | https://sfo01w01nsx01.sfo01.rainpole.local/api/v1/transport-nodes/node_id_of_sfo01w01en02/node/services/syslog/exporters | https://sfo01w01nsx01.sfo01.rainpole.local |

Procedure

  1. In a Web browser, log in to the NSX-T Manager for the workload domain by using the user interface.
    | Setting | Value |
    |---|---|
    | URL | https://sfo01w01nsx01.sfo01.rainpole.local |
    | User name | admin |
    | Password | nsx-t_admin_password |
  2. Retrieve the IDs of the edge transport nodes.
    1. Click System.
    2. In the left navigation pane, under Configuration, click Fabric > Nodes.
    3. Click the Edge transport nodes tab.
    4. On the row for the sfo01w01en01 edge transport node, click the ID value.

      A text box appears showing the edge transport node ID.

    5. Copy the node ID value, node_id_of_sfo01w01en01.
    6. Repeat these steps to retrieve the IDs of the remaining NSX-T Edge nodes.
  3. Start the Postman application and log in.
  4. Configure the request headers and body.
    1. On the Authorization tab, enter the authorization details.

      | Setting | Value |
      |---|---|
      | Type | Basic Auth |
      | User name | admin |
      | Password | nsx-t_admin_password |

    2. On the Headers tab, enter the header details.

      | Setting | Value |
      |---|---|
      | Key | Content-Type |
      | Key value | application/json |

    3. On the Body tab, select the Raw radio button, and from the Text drop-down menu, select JSON.
    4. In the Body text box, enter the following request body for configuring vRealize Log Insight as a remote syslog server.
      {
        "exporter_name": "syslog1",
        "level": "INFO",
        "port": 514,
        "protocol": "TCP",
        "server": "sfo01vrli01.sfo01.rainpole.local"
      }
  5. Send the request to each NSX-T Edge node.
    1. In the request pane, enter the request URL for the first Workload domain NSX-T Edge node and click Send.

      | Setting | Value |
      |---|---|
      | HTTP request method | POST |
      | Request URL | https://sfo01w01nsx01.sfo01.rainpole.local/api/v1/transport-nodes/node_id_of_sfo01w01en01/node/services/syslog/exporters |

    2. Repeat this step by sending the log configuration request to the API URL of each of the remaining Workload domain NSX-T Edge nodes.
  6. Verify the syslog configuration on each NSX-T Edge node. 
    1. In the request pane, configure the following settings and click Send.

      | Setting | Value |
      |---|---|
      | HTTP request method | GET |
      | Request URL | https://sfo01w01nsx01.sfo01.rainpole.local/api/v1/transport-nodes/node_id_of_sfo01w01en01/node/services/syslog/exporters |
      | Body | None |

      When the NSX-T Edge sends a response back, on the Body tab, you see the following message.

      {
        "_schema": "NodeSyslogExporterPropertiesListResult",
        "_self": {
          "href": "/transport-nodes/0d8b168d-44ae-4fba-905a-bf5f7c927d8b/node/services/syslog/exporters",
          "rel": "self"
        },
        "result_count": 1,
        "results": [
          {
            "_schema": "NodeSyslogExporterProperties",
            "_self": {
              "href": "/node/services/syslog/exporters/syslog1",
              "rel": "self"
            },
            "exporter_name": "syslog1",
            "level": "INFO",
            "port": 514,
            "protocol": "TCP",
            "server": "sfo01vrli01.sfo01.rainpole.local"
          }
        ]
      }
    2. Verify that the value of the server element is sfo01vrli01.sfo01.rainpole.local.
    3. Repeat this step by sending the log verification request to the request URL of each of the remaining Workload domain NSX-T Edge nodes.
  7. If other workload domains with NSX-T Manager are added to the SDDC, repeat the procedure for the NSX-T Edge nodes of each additional workload domain.
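
The following Python example scripts steps 4 through 6 for a list of edge transport node IDs: it reads the current exporters, sends the POST only where `syslog1` is missing, then re-reads and reports any field that differs from the request body. It is an added example, not part of the original procedure; the function names are this example's own, and it assumes the NSX-T Manager certificate is trusted by the machine running it, so certificate verification stays on.

```python
import base64
import json
import urllib.request

NSX_MANAGER = "https://sfo01w01nsx01.sfo01.rainpole.local"
# Exporter definition from step 4 of the procedure.
EXPORTER = {"exporter_name": "syslog1", "level": "INFO", "port": 514,
            "protocol": "TCP", "server": "sfo01vrli01.sfo01.rainpole.local"}
MISSING = "exporter syslog1 is not configured"
# Constructed sample: the step 6 response body, trimmed to the fields checked here.
SAMPLE_RESPONSE = json.dumps({"result_count": 1, "results": [dict(EXPORTER)]})


def build_request(node_id, user, password, method):
    """Build the POST (configure) or GET (verify) request for one edge node."""
    url = f"{NSX_MANAGER}/api/v1/transport-nodes/{node_id}/node/services/syslog/exporters"
    body = json.dumps(EXPORTER).encode() if method == "POST" else None
    req = urllib.request.Request(url, data=body, method=method)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    if body is not None:
        req.add_header("Content-Type", "application/json")
    return req


def exporter_problems(response_body):
    """Compare a GET response with EXPORTER and return a list of problems."""
    results = json.loads(response_body).get("results", [])
    found = [r for r in results if r.get("exporter_name") == EXPORTER["exporter_name"]]
    if not found:
        return [MISSING]
    return [f"{key}: expected {value!r}, got {found[0].get(key)!r}"
            for key, value in EXPORTER.items() if found[0].get(key) != value]


def configure_and_verify(node_ids, user, password):
    """POST the exporter only where it is missing, then re-read and report per node."""
    report = {}
    for node_id in node_ids:
        def read_problems():
            with urllib.request.urlopen(build_request(node_id, user, password, "GET")) as r:
                return exporter_problems(r.read())
        problems = read_problems()
        if problems == [MISSING]:
            urllib.request.urlopen(build_request(node_id, user, password, "POST")).close()
            problems = read_problems()
        report[node_id] = problems  # an empty list means the exporter matches step 4
    return report
```

An existing `syslog1` exporter that points elsewhere is reported rather than overwritten. Supply the password from a prompt or a secret store rather than hardcoding it in the script.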