There are a lot of components in an NSX implementation, so as a consequence there are a lot of places where you can set up logging for the various parts of the solution to help aid troubleshooting. This post will look at how to configure logging in NSX, with some examples thrown in of what the various log files look like.
I’ll start by looking at some of the logs that are available via the CLI.
Viewing logs on NSX Manager and NSX Router CLI
After logging into the NSX Manager appliance’s CLI you can view the log by running ‘show manager log’:
There are number of commands you can use to viewing the log, these are:
For example, to show the last 10 log entries you could run ‘show manager log last 10’. Using the ‘follow’ option can also be useful. This is essentially the same as ‘tail -f’ on ESXi, allowing you to view the log in real time.
When logged onto an NSX router, similar options are available:
- Show log
- Show log follow
- Show log reverse
Configuring Syslog on NSX Manager and NSX Router
To configure Syslog setting on NSX Manager, log into the web interface for the appliance, then go to ‘Manage Appliance Settings’:
First of all, NTP should be configured, if it isn’t already set. To do so, click ‘edit’ next to ‘Time Settings’:
After configuring NTP, click edit next to ‘Syslog Server’ to configure the syslog settings:
Note that you can select whichever port and protocol required.
To configure Syslog settings on NSX edge routers, log into the vSphere Web Client, then go to ‘Networking & Security’ then ‘NSX Edges’. Select the router on which to configure the syslog settings then, on the settings tab, select ‘change’ next to the Syslog options:
Configuring Logging on NSX Routers
On an NSX router you can change the control logging level by clicking on the ‘Actions’ menu and selecting ‘Change Log Level’:
There are a number of logging levels to choose from:
Along with the setting the control level logging, there are a number of other areas on NSX routers where logging can be configured. The next sections of this post will look at some of those.
Enabling Logging for Dynamic Routing
You can enable logging for the dynamic routing configuration on an NSX router by going to the routing tab, then selecting edit for dynamic routing configuration:
Configuring Logging for NSX Edge Gateway Services
There are a number of places where you can enable logging on the NSX Edge router. To enable logging for firewall rule processing, go to the firewall tab for the Edge router in the vSphere Web Client. Select a firewall rule then in the ‘logging’ column, choose the logging level after clicking on the ‘+’ symbol:
Logging can also be configured for other NSX Edge services such as VPN, Load balancer and DNS/DHCP Services. Logging is configured for each on their respective settings screens/tabs. For example, to configure logging for NSX VPN, select the VPN tab, then configure the logging policy:
Generating NSX Tech Support Bundles/Logs
Similar to ESXi/vCenter, you can also create tech support bundles for NSX components, generally used when troubleshooting alongside VMware technical support.
For NSX Edge routers go to Networking & Security in the vSphere Web Client, then select the edge router in the NSX Edges screen. Click actions, then ‘Download Tech Support Logs’:
For NSX Manager, you can grab the tech support logs by logging into it’s web interface, then selecting the cog in the top right hand corner of the window:
NSX Ticket Logger
Ticket logger is a feature in NSX that allows you to track configuration changes being made. Ticket logging can be enabled on the NSX home screen in the vSphere Web Client.
You can read more about ticket logger here.
Useful Links and Resources
Hopefully this post has been a useful trip around some of the logging options available in NSX. For more detail on this refer to VMware’s documentation which can be found here:Follow @buildvirtual