Configure the NSX-T Managers to send audit logs and system events to vRealize Log Insight.

Use the Postman application to configure log forwarding for all NSX-T Managers in the region by sending a post request to each NSX-T Manager.

Table 1. Workload domain NSX-T Managers in Region A

NSX Manager Host Name

Request URL for the NSX Manager Syslog Service

sfo01w01nsx01a.sfo01.rainpole.local

https://sfo01w01nsx01a.sfo01.rainpole.local/api/v1/node/services/syslog/exporters

sfo01w01nsx01b.sfo01.rainpole.local

https://sfo01w01nsx01b.sfo01.rainpole.local/api/v1/node/services/syslog/exporters

sfo01w01nsx01c.sfo01.rainpole.local

https:/sfo01w01nsx01c.sfo01.rainpole.local/api/v1/node/services/syslog/exporters

Procedure

  1. Log in to the host machine that has access to your data center.
  2. Start the Postman application and log in.
  3. Configure the request headers and body.
    1. On the Authorization tab, enter the authorization details.

      Setting

      Value

      Type

      Basic Auth

      User name

      admin

      Password

      nsx-t_admin_password

    2. On the Headers tab, enter the header details.

      Setting

      Value

      Key

      Content-Type

      Key value

      application/json
    3. On the Body tab, select the Raw radio-button, and from the Text drop-down menu, select JSON.
    4. In the Body text box, enter the following request body for configuring vRealize Log Insight as a remote syslog server. 
      {
      "exporter_name": "syslog1",
      "level": "INFO",
      "port": 514,
      "protocol": "TCP",
      "server": "sfo01vrli01.sfo01.rainpole.local"  
}
  4. Send the request to each NSX-T Manager.
    1. In the request pane, provide the URL query for the Workload domain NSX-T Manager and click Send.

      Setting

      Value

      HTTP request method

      POST

      Request URL

      https://sfo01w01nsx01a.sfo01.rainpole.local/api/v1/node/services/syslog/exporters
    2. Repeat this step by sending the log configuration request to the request URL of each of the remaining Workload domain NSX-T Managers.

    The log data appears on the vRealize Log Insight Dashboards page, under Content pack dashboards, on the VMware - NSX-T > NSX-Infrastructure page.

  5. Verify the syslog configuration on each NSX-T Manager. 
    1. In the request pane, configure the following settings and click Send.

      Setting

      Value

      HTTP request method

      GET

      Request URL

      https://sfo01w01nsx01a.sfo01.rainpole.local/api/v1/node/services/syslog/exporters

      Body

      None

      When the NSX-T Manager appliance sends a response back, on the Body tab, you see the following message.

      {
  "_schema": "NodeSyslogExporterPropertiesListResult",
  "_self": {
    "href": "/node/services/syslog/exporters",
    "rel": "self"
  },
  "result_count": 1,
  "results": [
    {
      "_schema": "NodeSyslogExporterProperties",
      "_self": {
        "href": "/node/services/syslog/exporters/syslog1",
        "rel": "self"
      },
      "exporter_name": "syslog1",
      "level": "INFO",
      "port": 514,
      "protocol": "TCP",
      "server": "sfo01vrli01.sfo01.rainpole.local"
    }
  ]
}
    2. Verify that the value of the server element is sfo01vrli01.sfo01.rainpole.local.
    3. Repeat this step by sending the log verification request to the request URL of each of the remaining Workload domain NSX-T Managers.
  6. If there are other workload domains with NSX-T Data Center that are added to the SDDC, repeat the procedure for each additional Workload domain NSX-T Manager.