Configure NSX-T Managers for sending syslogs to VMware Aria Operations for Logs
I recently rebuilt my Home Lab and setting up NSX-T 22.214.171.124 Again. Here is the process I used to setup NSX-T Managers to send system logs to VMware Aria Operations for Logs (formerly VMware vRealize Log Insight, vRLI) 8.10.2
This requires that you have NSX-T and VMware Aria Operations for Logs already stood up and operational. It is strongly recommended that you have your Web SSL certificates updated on both systems prior to continuing (did you see my blog about installing SSL Certificates for NSX-T?)
You will need a SSL Client like Putty to SSH into the NSX Manager Nodes to run a command to set syslog up
Login to VMware Aria Operations for Logs (I would recommend with the local admin account)
Click on Content Packs > Marketplace > VMware - NSX
Check the I agree box and Click on Install
Review all the Setup Instructions and Click OK
(Optional) Document the IPv4 Address of the Aria Operations For Logs VIP. You can also use the FQDN of the vRLI VIP Instance, but understand that DNS must be operational for logs to be sent to this address.
Open Putty and SSH to each NSX Manager Node FQDN/IP. Login with the admin account.
Type in the below command to set the logging level (make sure you do this as admin and NOT root). This command is configurable based on your vRLI instance/configuration.
set logging-server <vRLI-FQDN> proto tcp level info
More details on this command here:
# set logging-server <Log Insight server[:port]> proto <tcp|udp|tls|li|li-tls> level <alert|crit|debug|emerg|err|info|notice|warning> [facility <#>] [messageid <id>] [structured-data <structured-data>] [certificate <cert>]
Service Restart CLI Command:
get service cm-inventory
restart service cm-inventory
Command to validate settings:
Repeat Step 7 for the other NSX Manager Nodes
Time to Validate your work! Go to VMware Aria Operations for Logs > Management > Hosts, Search for your 3 NSX Managers by short name.
If they show like below, you are correctly gathering logs for the NSX Managers. You can click on 1 of the hostnames and look at more detailed logs coming from the manager.