È possibile configurare appliance NSX, Edge NSX e hypervisor per l'invio di messaggi di registro a un server di registrazione remoto.

La registrazione remota è supportata in NSX Manager, NSX Edge e negli hypervisor. È necessario configurare la registrazione remota in ogni nodo singolarmente.

Per il parametro del protocollo, le opzioni sono UDP, TCP, LI e i protocolli sicuri TLS e LI-TLS. Un server di registrazione Log Insight supporta tutti i protocolli. I protocolli LI e LI-TLS possono essere utilizzati solo se il server di registro è Log Insight. Il vantaggio dell'utilizzo di LI o LI-TLS è che ottimizzano l'utilizzo della rete. Se il server di registrazione è Log Insight, è consigliabile utilizzare LI o LI-TLS. Se LI non può essere utilizzato, TCP ha il vantaggio di essere più affidabile, mentre UDP ha il vantaggio di richiedere meno sovraccarico del sistema e della rete.

Prerequisiti

  • Acquisire familiarità con il comando della CLI set logging-server. Per ulteriori informazioni, vedere il Informazioni di riferimento sull'interfaccia della riga di comando NSX.
  • Se si specifica il protocollo sicuro TLS o LI-TLS, i certificati del server e del client devono essere archiviati in /image/vmware/nsx/file-store in ogni appliance di NSX. Si noti che i certificati nell'archivio file sono necessari solo se l'esportatore è configurato utilizzando la CLI di NSX. Se si utilizza l' API, non è necessario utilizzare l'archivio file. Una volta completata la configurazione dell'esportatore syslog, è necessario eliminare tutti i certificati e le chiavi da questa posizione per evitare potenziali vulnerabilità della sicurezza.
  • Per configurare una connessione sicura a un server di registrazione, verificare che il server sia configurato con certificati firmati dall'autorità di certificazione. Ad esempio, se come server di registrazione si utilizza un server vrli.prome.local Log Insight, è possibile eseguire il comando seguente da un client per visualizzare la catena di certificati nel server:
    echo -n | openssl s_client -connect vrli.prome.local:443  | sed -ne '/^Certificate chain/,/^---/p'

    Ad esempio:

    root@caserver:~# echo -n | openssl s_client -connect vrli.prome.local:443  | sed -ne '/^Certificate chain/,/^---/p'
    depth=2 C = US, L = California, O = GS, CN = Orange Root Certification Authority
    verify error:num=19:self signed certificate in certificate chain
    Certificate chain
     0 s:/C=US/ST=California/L=HTG/O=GSS/CN=vrli.prome.local
       i:/C=US/L=California/O=GS/CN=Green Intermediate Certification Authority
     1 s:/C=US/L=California/O=GS/CN=Green Intermediate Certification Authority
       i:/C=US/L=California/O=GS/CN=Orange Root Certification Authority
     2 s:/C=US/L=California/O=GS/CN=Orange Root Certification Authority
       i:/C=US/L=California/O=GS/CN=Orange Root Certification Authority
    ---
    DONE

Procedura

  1. Per configurare la registrazione remota in un'appliance NSX o un NSX Edge:
    1. Eseguire il seguente comando per configurare un server di registrazione e i tipi di messaggi da inviare a tale server. È possibile specificare più funzionalità o ID messaggio come elenco delimitato da virgole, senza spazi.
      set logging-server <hostname-or-ip-address[:port]> proto <proto> level <level> [facility <facility>] [messageid <messageid>] [serverca <filename>] [clientca <filename>] [certificate <filename>] [key <filename>] [structured-data <structured-data>]
      È possibile eseguire il comando più volte per aggiungere più configurazioni. Ad esempio:
      set logging-server 192.168.110.60 proto udp level info facility local6 messageid SYSTEM,FABRIC
      set logging-server 192.168.110.60 proto udp level info facility auth,user
      Per inoltrare solo registri di controllo al server remoto, specificare audit="true" nel parametro structured-data. Ad esempio:
      set logging-server <server-ip> proto udp level info structured-data audit="true"
      Tutti i registri NSX utilizzano la funzionalità local6. Si consiglia di utilizzare i filtri messageid e structured-data solo quando il filtro delle funzionalità non è impostato o quando local6 è incluso nelle funzionalità specificate.
    2. Configurare l'accesso remoto sicuro:
      • Per configurare la registrazione remota sicura utilizzando il protocollo LI-TLS, specificare il parametro proto li-tls. Ad esempio:
        set logging-server vrli.prome.local proto li-tls level info messageid SWITCHING,ROUTING,FABRIC,SYSTEM,POLICY,HEALTHCHECK,SHA,MONITORING serverca intermed-ca-full-chain.crt

        Se la configurazione viene completata correttamente, viene visualizzato un prompt senza alcun testo. Per visualizzare il contenuto della catena di certificati del server (intermedio seguito da root), accedere come root ed eseguire il comando seguente:

        keytool -printcert -file /image/vmware/nsx/file-store/intermed-ca-full-chain.crt
        Ad esempio,
        root@nsx1:~# keytool -printcert -file /image/vmware/nsx/file-store/intermed-ca-full-chain.crt
        Certificate[1]:
        Owner: CN=Green Intermediate Certification Authority, O=GS, L=California, C=US
        Issuer: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Serial number: 3e726e7fbb3b0a7a6b4edd767f867fd2
        Valid from: Sun Mar 15 00:00:00 UTC 2020 until: Mon Mar 17 00:00:00 UTC 2025
        Certificate fingerprints:
          MD5:  94:C8:9F:92:56:60:EB:DB:ED:4B:11:17:33:27:C0:C9
          SHA1: 42:9C:3C:51:E8:8E:AC:2E:5E:62:95:82:D7:22:E0:FB:08:B8:64:29
          SHA256: 58:B8:63:3D:0C:34:35:39:FC:3D:1E:BA:AA:E3:CE:A9:C0:F3:58:53:1F:AD:89:A5:01:0D:D3:89:9E:7B:C5:69
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        Certificate[2]:
        Owner: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Issuer: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Serial number: 3e726e7fbb3b0a7a6b4edd767f867fd1
        Valid from: Mon Mar 16 07:16:07 UTC 2020 until: Fri Mar 10 07:16:07 UTC 2045
        Certificate fingerprints:
          MD5:  ED:AC:F1:7F:88:05:83:2A:83:C0:09:03:D5:00:CA:7B
          SHA1: DC:B5:3F:37:DF:BD:E0:5C:A4:B7:F4:4C:96:12:75:7A:16:C7:61:37
          SHA256: F2:5B:DE:8A:F2:31:9D:E6:EF:35:F1:30:6F:DA:05:FF:92:B4:15:96:AA:82:67:E3:3C:C1:69:A3:E5:27:B9:A5
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        I registri delle condizioni di esito positivo ed esito negativo si trovano in /var/log/loginsight-agent/liagent_2020-MM-DD-<file-num>.log. Se la configurazione viene eseguita correttamente, è possibile visualizzare la configurazione di Log Insight con il comando seguente:
        cat /var/lib/loginsight-agent/liagent-effective.ini
        Ad esempio,
        root@nsx1:/image/vmware/nsx/file-store# cat /var/lib/loginsight-agent/liagent-effective.ini
        ; Dynamic file representing the effective configuration of VMware Log Insight Agent (merged server-side and client-side configuration)
        ;     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
        ; Creation time: 2020-03-22T19:41:21.648800
         
        [server]
        hostname=vrli.prome.local
        proto=cfapi
        ssl=yes
        ssl_ca_path=/config/vmware/nsx-node-api/syslog/bb466082-996f-4d77-b6e3-1fa93f4a20d4_ca.pem
        ssl_accept_any_trusted=yes
        port=9543
        filter={filelog; nsx-syslog; pri_severity <= 6 and ( msgid == "SWITCHING" or msgid == "ROUTING" or msgid == "FABRIC" or msgid == "SYSTEM" or msgid == "POLICY" or msgid == "HEALTHCHECK" or msgid == "SHA" or msgid == "MONITORING" )}
         
        [filelog|nsx-syslog]
        directory=/var/log
        include=syslog;syslog.*
        parser=nsx-syslog_parser
         
        [parser|nsx-syslog_parser]
        base_parser=syslog
        extract_sd=yes
         
        [update]
        auto_update=no
      • Per configurare la registrazione remota sicura utilizzando il protocollo TLS, specificare il parametro proto tls. Ad esempio:
        set logging-server vrli.prome.local proto tls level info serverca Orange-CA.crt.pem clientca Orange-CA.crt.pem certificate gc-nsxt-mgr-full.crt.pem key gc-nsxt-mgr.key.pem
        Si tenga presente quanto segue:
        • Per il parametro serverCA, è necessario solo il certificato root e non l'intera catena.
        • Se clientCA è diverso da serverCA, è necessario solo il certificato root.
        • Il certificato deve contenere la catena completa di NSX Manager (devono essere conformi a NDcPP - EKU, BASIC e CDP (CDP: questo controllo può essere ignorato)).
        È possibile ispezionare il contenuto di ogni certificato con il comando keytool. Ad esempio,
        keytool -printcert -file /image/vmware/nsx/file-store/Orange-CA.crt.pem
        keytool -printcert -file gc-nsxt-mgr-full.crt.pem
        Output di esempio:
        root@gc3:~# keytool -printcert -file /image/vmware/nsx/file-store/Orange-CA.crt.pem
        Owner: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Issuer: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Serial number: 3e726e7fbb3b0a7a6b4edd767f867fd1
        Valid from: Mon Mar 16 07:16:07 UTC 2020 until: Fri Mar 10 07:16:07 UTC 2045
        Certificate fingerprints:
          MD5:  ED:AC:F1:7F:88:05:83:2A:83:C0:09:03:D5:00:CA:7B
          SHA1: DC:B5:3F:37:DF:BD:E0:5C:A4:B7:F4:4C:96:12:75:7A:16:C7:61:37
          SHA256: F2:5B:DE:8A:F2:31:9D:E6:EF:35:F1:30:6F:DA:05:FF:92:B4:15:96:AA:82:67:E3:3C:C1:69:A3:E5:27:B9:A5
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        root@gc3:~#
         
        root@gc3:/image/vmware/nsx/file-store# keytool -printcert -file gc-nsxt-mgr-full.crt.pem
        Certificate[1]:
        Owner: CN=gc.prome.local, O=GS, L=HTG, ST=California, C=US
        Issuer: CN=Green Intermediate Certification Authority, O=GS, L=California, C=US
        Serial number: bdf43ab31340b87f323b438a2895a075
        Valid from: Mon Mar 16 07:26:51 UTC 2020 until: Wed Mar 16 07:26:51 UTC 2022
        Certificate fingerprints:
                MD5:  36:3C:1F:57:96:07:84:C0:6D:B7:33:9A:8D:25:4D:27
                SHA1: D1:4E:F9:45:2D:0D:34:79:D2:B4:FA:65:28:E0:5C:DC:74:50:CA:3B
                SHA256: 3C:FF:A9:5D:AA:68:44:44:DD:07:2F:DD:E2:BE:9C:32:19:7A:03:D5:26:8D:5F:AD:56:CA:D2:6C:91:96:27:6F
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        Certificate[2]:
        Owner: CN=Green Intermediate Certification Authority, O=GS, L=California, C=US
        Issuer: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Serial number: 3e726e7fbb3b0a7a6b4edd767f867fd2
        Valid from: Sun Mar 15 00:00:00 UTC 2020 until: Mon Mar 17 00:00:00 UTC 2025
        Certificate fingerprints:
                MD5:  94:C8:9F:92:56:60:EB:DB:ED:4B:11:17:33:27:C0:C9
                SHA1: 42:9C:3C:51:E8:8E:AC:2E:5E:62:95:82:D7:22:E0:FB:08:B8:64:29
                SHA256: 58:B8:63:3D:0C:34:35:39:FC:3D:1E:BA:AA:E3:CE:A9:C0:F3:58:53:1F:AD:89:A5:01:0D:D3:89:9E:7B:C5:69
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        Certificate[3]:
        Owner: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Issuer: CN=Orange Root Certification Authority, O=GS, L=California, C=US
        Serial number: 3e726e7fbb3b0a7a6b4edd767f867fd1
        Valid from: Mon Mar 16 07:16:07 UTC 2020 until: Fri Mar 10 07:16:07 UTC 2045
        Certificate fingerprints:
                MD5:  ED:AC:F1:7F:88:05:83:2A:83:C0:09:03:D5:00:CA:7B
                SHA1: DC:B5:3F:37:DF:BD:E0:5C:A4:B7:F4:4C:96:12:75:7A:16:C7:61:37
                SHA256: F2:5B:DE:8A:F2:31:9D:E6:EF:35:F1:30:6F:DA:05:FF:92:B4:15:96:AA:82:67:E3:3C:C1:69:A3:E5:27:B9:A5
        Signature algorithm name: SHA256WITHRSA
        Subject Public Key Algorithm: 4096-bit RSA key
        Version: 3
        Esempi di registrazioni riuscite in /var/log/syslog:
        <182>1 2020-03-22T21:54:34.501Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully created CA PEM file /config/vmwarensx-node-api/syslog/92a78d8a-acfd-4515-b05a-2927b70ae920_ca.pem for logging server vrli.prome.local:6514
        <182>1 2020-03-22T21:54:36.269Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully created client CA PEM file /config/vmwarensx-node-api/syslog/92a78d8a-acfd-4515-b05a-2927b70ae920_client_ca.pem for logging server vrli.prome.local:6514
        <182>1 2020-03-22T21:54:36.495Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] cert issuer = /C=US/L=California/O=GS/CN=Green IntermediateCertification Authority
        <182>1 2020-03-22T21:54:36.514Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] cert subject = /C=US/ST=California/L=HTG/O=GS/CN=gc.promelocal
        <182>1 2020-03-22T21:54:36.539Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] certificate trust check succeeded. status: 200, result:{'status': 'OK'}
        <182>1 2020-03-22T21:54:36.612Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] Certificate already exists, skip import
        <182>1 2020-03-22T21:54:37.322Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully created certificate PEM file /config/vmwarensx-node-api/syslog/92a78d8a-acfd-4515-b05a-2927b70ae920_cert.pem for logging server vrli.prome.local:6514
        <182>1 2020-03-22T21:54:38.020Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully created key PEM file /config/vmwarensx-node-api/syslog/92a78d8a-acfd-4515-b05a-2927b70ae920_key.pem for logging server vrli.prome.local:6514
        Esempi di registrazioni non riuscite in /var/log/syslog:
        <182>1 2020-03-22T21:33:30.424Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully created client CA PEM file /config/vmwarensx-node-api/syslog/76332782-1ec6-483a-95d4-2adeaf2ef112_client_ca.pem for logging server vrli.prome.local:6514
        <182>1 2020-03-22T21:33:30.779Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] cert issuer = /C=US/L=California/O=GS/CN=Green IntermediateCertification Authority
        <182>1 2020-03-22T21:33:30.803Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] cert subject = /C=US/ST=California/L=HTG/O=GS/CN=gc.promelocal
        <179>1 2020-03-22T21:33:30.823Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="ERROR" errorCode="NODE10"] Certificate trust check failed. status:200, result: {'error_message': 'Certificate CN=gc.prome.local,O=GS,L=HTG,ST=California,C=US was not verifiably signed by CN=gc.prome.local,O=GS,L=HTG,ST=California,C=US: certificate does not verifywith supplied key', 'status': 'ERROR'}
        <179>1 2020-03-22T21:33:30.824Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="ERROR" errorCode="NODE10"] Failed to create certificate PEM file config/vmware/nsx-node-api/syslog/76332782-1ec6-483a-95d4-2adeaf2ef112_cert.pem for logging server vrli.prome.local:6514
        <182>1 2020-03-22T21:33:31.578Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully deleted CA PEM file /config/vmwarensx-node-api/syslog/76332782-1ec6-483a-95d4-2adeaf2ef112_ca.pem
        <182>1 2020-03-22T21:33:32.342Z gc3.prome.local NSX 5187 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="admin" level="INFO"] Successfully deleted client CA PEM file /config/vmwarensx-node-api/syslog/76332782-1ec6-483a-95d4-2adeaf2ef112_ca.pem
        <182>1 2020-03-22T21:33:32.346Z gc3.prome.local NSX 16698 - [nsx@6876 comp="nsx-cli" subcomp="node-mgmt" username="admin" level="INFO" audit="true"] CMD: set logging-server vrli.prome.local prototls level info serverca Orange-CA.crt.pem clientca Orange-CA.crt.pem certifi
        cate gc-nsxt-mgr.crt.pem key gc-nsxt-mgr.key.pem (duration: 6.365s), Operation status: CMD_EXECUTED
        È possibile verificare se il certificato e la chiave privata corrispondono al comando seguente. Ad esempio:
        diff  <(openssl x509 -in certs/gc-nsxt-mgr.crt.pem -pubkey -noout) <(openssl rsa -in private/gc-nsxt-mgr.key.pem -pubout)
        Se il certificato e la chiave privata corrispondono, l'output sarà writing RSA key. Qualsiasi altro output significa che non corrispondono. Ad esempio, se il certificato e la chiave privata corrispondono, l'output sarà il seguente:
        root@caserver:~/server-certs# diff  <(openssl x509 -in certs/gc-nsxt-mgr.crt.pem -pubkey -noout) <(openssl rsa -in private/gc-nsxt-mgr.key.pem -pubout)
        writing RSA key
        Esempio di chiave privata danneggiata:
        root@caserver:~/server-certs# diff  <(openssl x509 -in certs/gc-nsxt-mgr.crt.pem -pubkey -noout) <(openssl rsa -in private/gc-nsxt-mgr-corrupt.key.pem -pubout)
        unable to load Private Key
        140404188370584:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147:
        140404188370584:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1205:
        140404188370584:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=RSA
        140404188370584:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:119:
        140404188370584:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147:
        140404188370584:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1205:
        140404188370584:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=PKCS8_PRIV_KEY_INFO
        140404188370584:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:141:
        1,14d0
        < -----BEGIN PUBLIC KEY-----
        < MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv3yH7pZidfkLrEP3zVa9
        < EcOKXlFFjkThZRZMfguenlm8s6QHYVvuUX8IRB48Li3/DUfOj0bzaPWktpv+Q2P0
        < N/j4LoX2RzjV/DPxYfLP6GMNMc21L3s9ruBeWUthtUP8khCWd2d2rZ09cUZVl0P9
        < kIYBb5RMFC7Z1OUtH3bKdepEf+sXz3DaKZ/WySzYq9x86QDaA3ABO3Q0i7txBscI
        < FvXuMDOMQaC3pPp9FWO6IPRAWB57wahLJv6K5qGIfwubSBFg53grT4snf1lDZAhZ
        < 9hz5JgGr80GVyWyb7rgigpl9iUWAZx8U9De9XoxmvBN5iEGTIuKGaEgICL176crb
        < RMkhjnCqNHI+z6sQvpYJ7U0zZc72eBIWoHUkcWWk3eU6Oy4OiyW6jYuXG7hZYlly
        < nSkme3mZUWJKvcoX05+3zeCP623/HzE7X2sNyWFjzeF3XEvauZrIbsJh/xp2ShDa
        < uKKEY0gUGhLtCa3TpV9l8d6tFWVy8XjVjdjoVt4s7MfUo/airVmRykfsWrKyNUOQ
        < qRZvSbqjt8pm+3bSvKdXX4ul7ptPG2GF20ETWHPwjk2JwQpGhR9zK8fsKzvm6hXi
        < kq76zI4FefuVps3e1r39+0F+p6d6i2oUoo24sC1iSePTDhU74efVp6iv8HmnDgYX
        < Ylm6Kusr0JT5TJFDfASmrj8CAwEAAQ==
        < -----END PUBLIC KEY-----
        Esempio di chiave privata e certificato validi ma non compatibili:
          root@caserver:~/server-certs# diff  <(openssl x509 -in certs/gc-nsxt-mgr.crt.pem -pubkey -noout) <(openssl rsa -in private/vrli.key.pem -pubout)
          writing RSA key
          2,13c2,13
          < MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv3yH7pZidfkLrEP3zVa9
          < EcOKXlFFjkThZRZMfguenlm8s6QHYVvuUX8IRB48Li3/DUfOj0bzaPWktpv+Q2P0
          < N/j4LoX2RzjV/DPxYfLP6GMNMc21L3s9ruBeWUthtUP8khCWd2d2rZ09cUZVl0P9
          < kIYBb5RMFC7Z1OUtH3bKdepEf+sXz3DaKZ/WySzYq9x86QDaA3ABO3Q0i7txBscI
          < FvXuMDOMQaC3pPp9FWO6IPRAWB57wahLJv6K5qGIfwubSBFg53grT4snf1lDZAhZ
          < 9hz5JgGr80GVyWyb7rgigpl9iUWAZx8U9De9XoxmvBN5iEGTIuKGaEgICL176crb
          < RMkhjnCqNHI+z6sQvpYJ7U0zZc72eBIWoHUkcWWk3eU6Oy4OiyW6jYuXG7hZYlly
          < nSkme3mZUWJKvcoX05+3zeCP623/HzE7X2sNyWFjzeF3XEvauZrIbsJh/xp2ShDa
          < uKKEY0gUGhLtCa3TpV9l8d6tFWVy8XjVjdjoVt4s7MfUo/airVmRykfsWrKyNUOQ
          < qRZvSbqjt8pm+3bSvKdXX4ul7ptPG2GF20ETWHPwjk2JwQpGhR9zK8fsKzvm6hXi
          < kq76zI4FefuVps3e1r39+0F+p6d6i2oUoo24sC1iSePTDhU74efVp6iv8HmnDgYX
          < Ylm6Kusr0JT5TJFDfASmrj8CAwEAAQ==
          ---
          > MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqvsjay7+o7gCW7szT3ho
          > bC34XX2l6u5Jl4/X/pUDI/YHmIf06bsZ1r/l4bTL4Q7BM6+9MI6UYEE7DxUoINGO
          > o4FEEQE32KWVFe3gw3homHU39q4pQjsJsxTcTE3oDMlIY0nWJ0PRUst3DffyUH1L
          > W0NUN9YdN+fAl2Uf021iuDqVy9V8AH3ON6fu+QCA8nt71ZkzeTxSA0ldpl2NA17F
          > rD8rm05wxnV7WtuV7V8PstISiClzhHgZRMl+B0r30OitnyAzEGLaRT3//PKfe0Oe
          > HCdxGMlrUtMqxIItJahEsqvMufyqNYecVscyXLHPelizKCsQfy8cO8LnznG8VAdc
          > YILSn3uYGZap6aF1SgVxsvZicwvlYnssmgE13Af0nScmfM96k9h5joHVEkWK6O8v
          > oT5DGG1kVL2Qly97x0b6EnzUorzivv5zJMKvFcOektR8HdMHQit5uvmMRY3S5zow
          > FtvfSDfWxxKyTy6GBrpP+8F+Jq91yGy/qa9lhKBzT2lg+rJp7T8k7/Nm9Tjyx7jL
          > EqgEKZEL4chxpo8ucF98hbvXWRuaFHC2iDzGuUmuS1FfjVvHTuIbEMQfjapLZrHx
          > 8jHfOP/PL+6kPbvNZZ2rTpczuEoGTQFFW9vX48GzIEyMeR6QWpPR0F7r4xak68P5
          > 2PJmMveinDhU35IqWEXHAwcCAwEAAQ==
    3. Per visualizzare la configurazione della registrazione, eseguire il comando seguente:
      get logging-server
      Ad esempio,
      nsx> get logging-servers
      192.168.110.60 proto udp level info facility local6 messageid SYSTEM,FABRIC
      192.168.110.60 proto udp level info facility auth,user
    4. Per cancellare la configurazione della registrazione remota, eseguire il comando seguente:
      clear logging-servers
  2. Per configurare la registrazione remota in un host ESXi:
    1. Eseguire i comandi seguenti per configurare syslog e inviare un messaggio di prova:
      esxcli network firewall ruleset set -r syslog -e true
      esxcli system syslog config set --loghost=udp://<log server IP>:<port> --log-level=info
      esxcli system syslog reload
      esxcli system syslog mark -s "This is a test message"
    2. È possibile eseguire il comando seguente per visualizzare la configurazione:
      esxcli system syslog config get