Configure the NSX Controller Nodes to Forward Log Events to vRealize Log Insight in Region A

Configure the NSX Controller nodes to forward log information to vRealize Log Insight by using the NSX REST API. To enable log forwarding, you can use a REST client, such as the Postman application.

First, you retrieve the IDs of the NSX Controller nodes, controller-1, controller-2, and controller-3. Then, you send a request to each NSX Controller node to configure vRealize Log Insight as a remote syslog server.

Table 1. Management Domain NSX Controller Nodes
NSX Manager	NSX Controller in the Controller Cluster	Request URL for the NSX Controller Syslog Service
sfo01m01nsx01.sfo01.rainpole.local	NSX Controller 1	https://sfo01m01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller/`controller-1`/syslog
	NSX Controller 2	https://sfo01m01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller/`controller-2`/syslog
	NSX Controller 3	https://sfo01m01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller/`controller-3`/syslog

Procedure

Log in to the host machine that has access to your data center.
Start the Postman application and log in.

Configure the headers for requests to the NSX Manager.

On the Authorization tab, enter the authorization details.


Setting	Value
Type	Basic Auth
User name	admin
Password	`nsx_admin_password`

On the Headers tab, enter the header details.


Setting	Value
Key	Content-Type
Key value	application/xml

Retrieve the IDs of the NSX Controller nodes associated with the Management domain NSX Manager.

In the request pane, provide the URL query for the NSX Manager and click Send.


Setting	Value
HTTP request method	GET
Request URL	https://sfo01m01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller
Body	`None`

The Postman application sends a query to the NSX Manager about the installed NSX Controller nodes.

When the NSX Manager sends a response back, click the Body tab in the response pane.

The response body contains a root <controllers> XML element that groups the details about the three controllers that form the controller cluster.
Within the <controllers> element, locate the <controller> element for each NSX Controller node and write down the content of the <id> element.

NSX Controller IDs have the controller-id format where id represents the sequence number of the controller in the cluster, for example, controller-1, controller-2, and controller-3.

You can form the request URLs for the NSX Controller nodes.

For each NSX Controller, send a request to configure vRealize Log Insight as a remote syslog server.

In the request pane, provide the URL query for the first NSX Controller and click Send.


Setting	Value
HTTP request method	POST
Request URL	https://sfo01m01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller/`controller-1`/syslog

On the Body tab, select the Raw radio-button, and from the Text drop-down menu, select XML (Application/XML).

In the Body text box, enter the following request body for configuring vRealize Log Insight as a remote syslog server, and click Send.

<controllerSyslogServer>
   <syslogServer>192.168.31.10</syslogServer>
   <port>514</port>
   <protocol>TCP</protocol>
   <level>INFO</level>
</controllerSyslogServer>

Repeat these steps for the remaining NSX Controllers.

Verify the syslog configuration on each NSX Controller.

In the request pane, provide the URL query for the first NSX Controller and click Send.


Setting	Value
HTTP request method	GET
Request URL	https://sfo01m01nsx01.sfo01.rainpole.local/api/2.0/vdn/controller/`controller-1`/syslog
Body	`None`

When the NSX Controller sends a response back, click the Body tab in the response pane.

The response body contains a root <controllerSyslogServer> element, which represents the settings for the remote syslog server on the NSX Controller.
Verify that the value of the <syslogServer> element is 192.168.31.10.
Repeat these steps for the remaining NSX Controllers.

If there are workload domains with NSX Data Center for vSphere that are added to the SDDC, repeat the procedure for each Workload domain NSX Manager.