NSX-T Syslog Configuration Revisited

Intro

A couple of years ago I wrote this post (https://vdives.com/2020/12/28/nsx-t-syslog-configuration/) to cover the configuration of syslog on the NSX Managers and Edge Nodes, as at the time there was no way to configure it within the UI. Instead it had to be done manually on each Edge Node and on the NSX Manager. While this wasn't too bad, it all depends on how many Edges you have: as a manual process it's prone to typos and misconfiguration.

VMware, I presume, were aware of this issue, and in release 3.2 they added the ability to set this configuration in the UI instead. Unless you read the release notes or went through the 3.2 admin guide, it is possible you are not aware of this feature; I still see deployments that have configured syslog the old way rather than via the UI.

Having said that, the UI method applies the same settings to all Managers and Edges, so there is still a valid reason for doing it manually, for example if you require different settings for different Edges.

Manual Syslog configuration

As a brief reminder, here is how we set and check the syslog configuration on the NSX Manager:

NSXTMan01> set logging-server 192.168.10.8 proto udp level info
            WARNING - You are configuring udp-based log forwarding. This will send sensitive information unencrypted over the network. The Splunk App for NSX-T only accepts TLS connections.

NSXTMan01> get logging-servers 
Fri Jan 20 2023 UTC 11:32:36.970
192.168.10.8:514 proto udp level info exporter_name 878f1e3d-eac1-4028-bc13-f9b0bafb10f4

This is how we manually set the syslog configuration on an Edge, which is the same process as on a Manager.

DCA-EN01a> set logging-server 192.168.10.8 proto udp level info
            WARNING - You are configuring udp-based log forwarding. This will send sensitive information unencrypted over the network. The Splunk App for NSX-T only accepts TLS connections.
DCA-EN01a> get logging-servers 
Fri Jan 20 2023 UTC 11:33:27.389
192.168.10.8:514 proto udp level info exporter_name 8f7ac42f-f6cc-4ef9-a31d-aa9be731cb20

We can also set and check the NTP settings from the CLI. Below is the current NTP setting for my manager.

NSXTMan01> get ntp-server
Fri Jan 20 2023 UTC 11:36:39.023
192.168.10.4

Syslog via the UI

OK, so let's set up syslog via the UI. Navigate to System > Fabric > Profiles > Node Profiles, select All NSX Nodes, then under Syslog Servers click +ADD.

Enter the IP or FQDN of the syslog server, the Port and Protocol, and the desired Log Level, then click ADD.

This configuration will be pushed to the NSX Managers and the Edges. Note that it will overwrite any setting that is already there. Below we can see the NSX Manager is now set to log to 192.168.10.10 with log level notice. When we first checked it, the syslog server was set to 192.168.10.8 with log level info, so the configuration has been replaced.

NSXTMan01> get logging-servers 
Fri Jan 20 2023 UTC 11:40:25.843
192.168.10.10:514 proto udp level notice exporter_name 5cc8a934-90ac-4c82-ad1c-3bda76c7673c

The same can be seen for the Edge.

DCA-EN01a> get logging-servers 
Fri Jan 20 2023 UTC 11:40:33.095
192.168.10.10:514 proto udp level notice exporter_name 06aa820b-490d-4922-a698-5e6725c2a543
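A way to check the result across nodes, as an added example that is not part of the original post: it parses captured `get logging-servers` output in the format shown above and reports nodes that differ from the intended server and level, or that still forward over udp (the case the CLI warning describes). The node DCA-EN01b, its capture and the function names are constructed for illustration.

```python
import re

# One entry of `get logging-servers` output, in the format shown in the post:
# <host>:<port> proto <proto> level <level> exporter_name <uuid>
LINE_RE = re.compile(
    r"^(?P<host>\S+):(?P<port>\d+)\s+proto\s+(?P<proto>\S+)\s+"
    r"level\s+(?P<level>\S+)\s+exporter_name\s+(?P<exporter>\S+)$"
)

# Captures keyed by node name. The first two are the outputs from the post;
# DCA-EN01b is a constructed node left on the old manual setting.
SAMPLE_CAPTURES = {
    "NSXTMan01": "NSXTMan01> get logging-servers \nFri Jan 20 2023 UTC 11:40:25.843\n"
                 "192.168.10.10:514 proto udp level notice exporter_name 5cc8a934-90ac-4c82-ad1c-3bda76c7673c\n",
    "DCA-EN01a": "DCA-EN01a> get logging-servers \nFri Jan 20 2023 UTC 11:40:33.095\n"
                 "192.168.10.10:514 proto udp level notice exporter_name 06aa820b-490d-4922-a698-5e6725c2a543\n",
    "DCA-EN01b": "DCA-EN01b> get logging-servers \nFri Jan 20 2023 UTC 11:40:41.000\n"
                 "192.168.10.8:514 proto udp level info exporter_name 00000000-0000-0000-0000-000000000000\n",
}

def parse_logging_servers(output):
    """Return one dict per configured logging server in a CLI capture."""
    servers = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # the prompt echo, timestamp and blank lines do not match
            entry = m.groupdict()
            entry["port"] = int(entry["port"])
            servers.append(entry)
    return servers

def audit(captures, expected_host, expected_level):
    """Compare every node's capture with the intended node-profile settings."""
    findings = []
    for node, output in captures.items():
        servers = parse_logging_servers(output)
        if not servers:
            findings.append((node, "no logging server configured"))
        for s in servers:
            if s["host"] != expected_host:
                findings.append((node, f"unexpected server {s['host']}"))
            if s["level"] != expected_level:
                findings.append((node, f"level {s['level']}, expected {expected_level}"))
            if s["proto"] == "udp":
                findings.append((node, "udp forwarding is unencrypted"))
    return findings

if __name__ == "__main__":
    for node, problem in audit(SAMPLE_CAPTURES, "192.168.10.10", "notice"):
        print(f"{node}: {problem}")
```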

NTP UI setting

We can also change the NTP and SNMP settings here. I am adding two NTP servers: click EDIT under the Summary section.

Select the Timezone, then add the NTP Servers and click SAVE.

We can now see the configured NTP servers.

If we check our manager we can see the two NTP servers configured:

NSXTMan01> get ntp-server
Fri Jan 20 2023 UTC 11:42:44.650
192.168.10.4
192.168.10.5

And on the Edge.

DCA-EN01a> get ntp-server
Fri Jan 20 2023 UTC 11:42:42.166
192.168.10.4
192.168.10.5

Any new Edges that are deployed to the system will automatically get the settings configured here, so it saves a lot of hassle and potential user input errors. Remember, though, if you need different settings then you still have to do all this manually at the CLI.

One thought to “NSX-T Syslog Configuration Revisited”

  1. Hey Graham
    Thanks for the article. I have been trying to send Transport Node (ESXi) to Cribl. When setting it on the ESXi host using the ESXCLI command, we don’t see DFW logs. Should we be seeing these logs come through by default?
    Would the setting in the UI help us instead of doing it manually on each host?
