Logging NSX with Log Insight

As you may know, there is a NSX for vSphere content pack available for Log Insight. Of course in order for the content pack to work you need to configure NSX to point to Log Insight. This requires configuring three different locations in two different way so I figured I would put a quick post together. Read on to learn more!

li-logo

Architecture

First, it is important to note that the NSX architecture is made up of three key components:

  1. A single manager
  2. One or more controllers
  3. One or more edges

Each of these components need to be configured to log to Log Insight.

Manager

NSX Manager supports a single syslog destination and configuration can be done from the General section of the Manage tab.

li-nsx-manager

Controller

Each NSX Controller supports a single syslog destination and configuration can only be done via an API call. For more information, see this KB.

Edge

Each NSX Edge supports up to two syslog destinations and configuration can be done from the Settings section of the Manage tab from the vSphere client.

li-nsx-edge-syslog

Other

There are a couple other important notes to keep in mind:

  1. Many NSX for vSphere events are actually logged by the hypervisor so in order to fully leverage the content pack for Log Insight, it is important that all ESXi hosts running NSX log to Log Insight as well. This can be done through vSphere integration.
  2. Every time a new controller or edge comes online it needs to be manually configured to log to Log Insight — this should be added to your (automated) configuration process to ensure it is not missed.

Configuration

Given the above information you may be wondering if there are some easy way to configure NSX to log to Log Insight. One option is via the NSX management pack for vRealize Operations Manager. During the configuration of the management pack you have the option to “Enable Log Insight integration if configured”. This boolean option will configure NSX Manager and all NSX Controllers to log to Log Insight — NSX Edge would still need to be done separately today.li-vrops-nsx-integration

The other option is to use a script to perform the actions. While I have not used it, you can find a PowerShell one here.

Summary

As you can see, there a three places and two different ways required to configure NSX to log to Log Insight. In addition, it is important to collect hypervisor logs as they will contain NSX events as well. Consider using the NSX management pack for vRealize Operations Manager to handle configuration of NSX Manager and NSX Controllers. It is critical to ensure that configuration of syslog from NSX is part of your (automated) configuration process.

© 2015 – 2016, Steve Flanders. All rights reserved.

Leave a Reply