Configure NSX-T Managers for sending syslogs to VMware Aria Operations for Logs

I recently rebuilt my Home Lab and setting up NSX-T 4.0.1.1 Again. Here is the process I used to setup NSX-T Managers to send system logs to VMware Aria Operations for Logs (formerly VMware vRealize Log Insight, vRLI) 8.10.2

Prereqs

This requires that you have NSX-T and VMware Aria Operations for Logs already stood up and operational. It is strongly recommended that you have your Web SSL certificates updated on both systems prior to continuing (did you see my blog about installing SSL Certificates for NSX-T?)

You will need a SSL Client like Putty to SSH into the NSX Manager Nodes to run a command to set syslog up

https://www.putty.org/

Step 1

Step 2

Click on Content Packs > Marketplace > VMware - NSX

Step 3

Check the I agree box and Click on Install

Step 4

Review all the Setup Instructions and Click OK

Step 5

(Optional) Document the IPv4 Address of the Aria Operations For Logs VIP. You can also use the FQDN of the vRLI VIP Instance, but understand that DNS must be operational for logs to be sent to this address.

Step 6

Open Putty and SSH to each NSX Manager Node FQDN/IP. Login with the admin account.

Step 7

Type in the below command to set the logging level (make sure you do this as admin and NOT root). This command is configurable based on your vRLI instance/configuration.

Command:

set logging-server <vRLI-FQDN> proto tcp level info

More details on this command here:

Service Restart CLI Command:

get service cm-inventory

restart service cm-inventory

Command to validate settings:

get logging-server

Step 8

Repeat Step 7 for the other NSX Manager Nodes

Step 9

Time to Validate your work! Go to VMware Aria Operations for Logs > Management > Hosts, Search for your 3 NSX Managers by short name.

If they show like below, you are correctly gathering logs for the NSX Managers. You can click on 1 of the hostnames and look at more detailed logs coming from the manager.