Logging configuration
After setting up NSX, it is important to configure logging for it. Administrators may need to refer to the logs for troubleshooting and similar purposes. If you remember NSX-V, there were quite a few steps to be done, and certain parts required the REST API. With the current NSX, the configuration is very straightforward. Let's cut the nonsense and jump straight to the topic.
First, SSH to the NSX Manager appliance/s as shown below:
To set log server, type: set logging-server <IP_addr_of Log svr or VRLI> proto udp level info
To verify configuration, type: get logging-servers
set logging-server 192.10.1.123 proto udp level info
get logging-servers
The output should be similar to what is shown below:
Now, repeat the same steps for the Edge VM/s. SSH to the Edge/s and type the same commands.
The output should be the same.
Now you are done. We can proceed to do some testing to ensure that our configuration is done properly.
As you can see, the NSX dashboard is currently clean without any traffic or flashy graphs.
Let me go to my NSX’s DFW and turn on logging for the 2 rules. Click on the “Gear” button to enable the logging. My client PC VM is currently part of the “Restricted VM” group. Thus we will try to generate some traffic and hopefully these activities are logged in our Aria Log.
From my client VM, I attempted to generate some FTP traffic. As expected, the traffic doesn't go through to my FTP server.
Wait for a few minutes and try refreshing the dashboard again. Now we see some traffic being captured. We can see that traffic for port 21 was logged. From Aria logs, you will be able to click on the pie chart and drill into the logs directly.
From the event, we can see that the VM traffic was rejected. You can also identify the rule ID, which can then be associated with the rule configured in NSX's DFW.
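The same rule ID correlation can be done outside the dashboard on the raw syslog lines. The script below is an added example, not part of the original post: it counts rejected or dropped flows per rule ID and destination port. The record layout in the comment is an assumption about the DFW packet-log format, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed layout of a DFW packet-log record after the syslog header:
#   <vif-hash> INET <reason> <action> <rule-id> <dir> <size> <proto> <src>/<port>-><dst>/<port> [flags]
PKTLOG = re.compile(
    r"\bINET6?\s+(?P<reason>\S+)\s+(?P<action>PASS|DROP|REJECT)\s+"
    r"(?P<rule>\S+)\s+(?P<dir>IN|OUT)\s+(?P<size>\d+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[0-9A-Fa-f.:]+)/(?P<sport>\d+)->(?P<dst>[0-9A-Fa-f.:]+)/(?P<dport>\d+)"
)

# Constructed sample lines (hosts, addresses and rule IDs are made up).
SAMPLE = [
    "<181>1 2024-01-10T08:15:02.101Z esx-01 FIREWALL-PKTLOG - - - 5c9bd2e6 INET match REJECT 2025 IN 60 TCP 10.0.10.5/50122->10.0.20.9/21 S",
    "<181>1 2024-01-10T08:15:03.104Z esx-01 FIREWALL-PKTLOG - - - 5c9bd2e6 INET match REJECT 2025 IN 60 TCP 10.0.10.5/50123->10.0.20.9/21 S",
    "<181>1 2024-01-10T08:15:09.410Z esx-01 FIREWALL-PKTLOG - - - 5c9bd2e6 INET match PASS 2026 IN 60 TCP 10.0.10.5/50130->10.0.20.9/443 S",
    "<182>1 2024-01-10T08:15:10.000Z nsxmgr NSX 1234 - - unrelated manager message",
]


def parse(line):
    """Return the firewall fields of one syslog line, or None if it is not a packet log."""
    m = PKTLOG.search(line)
    if not m:
        return None  # other NSX messages, or protocols logged without ports
    rec = m.groupdict()
    rec["rule"] = rec["rule"].rsplit("/", 1)[-1]  # "ruleset/1024" -> "1024"
    rec["dport"] = int(rec["dport"])
    return rec


def blocked_by_rule(lines):
    """Count DROP/REJECT hits per (rule id, protocol, destination port)."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["action"] in ("DROP", "REJECT"):
            hits[(rec["rule"], rec["proto"], rec["dport"])] += 1
    return hits


if __name__ == "__main__":
    for (rule, proto, dport), n in blocked_by_rule(SAMPLE).most_common():
        print(f"rule {rule}: {n} blocked {proto} flows to port {dport}")
```

A rule ID that shows up here with a high count is the one to look up in the DFW rule table.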
For more details you may refer to the official documentation here.
Thank you for reading.