Integrate VMware NSX in Log Insight

VMware Log Insight provides an easy, at a glance, view of an entire VMware environment including NSX and other components. Additional available content packs provide predefined knowledge about events. Problems with a vSphere environment can be identified by simply looking at the Overview dashboard.
nsx-log-insight-integrationThis post describes how to integrate all NSX Components into VMware Log Insight.

NSX Content Pack Installation
VMware Log Insight basically works without Content Packs, but it is highly recommended to install the Content Pack if you want to integrate NSX. Content packs are plugins that provide predefined knowledge about events.

  1. Login to VMware Log Insight web interface
  2. Open the menu in the right upper corner and select Content Packs
  3. Locate the VMware – NSX-vSphere Content Pack
  4. Accept the License Agreement and click Installinstall-nsx-content-pack

Log Forwarding
VMware Log Insight acts as Syslog server. To fully integrate your NSX platform into Log Insight, logs from the following sources needs to be forwarded:

  • ESXi Hosts
  • NSX Manager
  • NSX Controllers
  • NSX Edges

Forward ESXi Hosts Logs to Log Insight
Syslog config on ESXi Hosts are configured during the initial Log Insight installation, so they should be already configured. You can verify syslog configuration on an ESXi Host with

esxcli system syslog config get

Log Insight can automatically add all ESXi Hosts that are in the vCenter Server Inventory. Open the Log Insight web interface and navigate to Administration > Integration > vSphere and enter vCenter Server connection details.

Forward NSX Manager Logs to Log Insight
NSX Manger Syslog settings are configured in the appliance configuration, not in the vSphere Web Client.

  1. Log in to the NSX Manager virtual appliance (https://[NSX-Manager]/)
  2. Open Manage Appliance Settings
  3. Within Settings > General panel click Edit next to Syslog Server
  4. Enter IP address, Port and Protocol of the Log Insight server. The default syslog port is 514/UDP. You can also use the DNS name here, but I prefer to use IP addresses as syslog destinations. This allows syslog to function even when the DNS is down.
  5. Click OK

NSX Manager Logs are now forwarded to Log Insight.

Forward NSX Controller Logs to Log Insight
The only supported method on configuring the syslog server on NSX controllers is through the NSX API. To use the API, you need a REST Client. Syslog settings have to be configured on each controller.

  1. Identify NSX Controller IDs. Open the vSphere Web Client and navigate to Network and Security > Installation > NSX Controller nodes. Controller IDs in this example are:- controller-1
    – controller-2
    – controller-3
  2. If you don’t already have a REST Client, you can install Advanced REST client from the chrome web store.
  3. Prepare the REST Request:Method: POST
    URL: https://[NSX-Manager]/api/2.0/vdn/controller/[Controller-ID]/syslog
    Authorization: NSX Manager Login
    Content-Type: application/xml

  4. When using the Advanced REST client, the call should look like this:
  5. Repeat Step 3+4 for all NSX Controllers

NSX Controller Logs are now forwarded to Log Insight.

Forward NSX Edge Logs to Log Insight
NSX Edge Syslog settings are configured in the vSphere Web Client. Syslog settings have to be configured on each Edge.

  1. Open the vSphere Web Client, navigate to Network and Security > NSX Edges and double-click the Edge Gateway
  2. Navigate to Manage > Settings > Configuration and click Change next to Syslog servers
  3. Enter IP address of the Log Insight server and set the protocol to udp
  4. Repeat Step 1+3 for all NSX Edges

NSX Edge Gateway Logs are now forwarded to Log Insight.

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>