9.2.1 NSX Edge Gateway Logs
When managed through vCloud Director for Service Providers, the IP addresses of syslog servers for NSX Edge gateways are configured centrally through vCloud Director. (This applies to all edges, whether they are NSX Edge gateways or edges on virtual application networks.) One of the external NSX Edge gateway interfaces is connected to the syslog network that routes to the syslog servers.
Table 16. vCloud Director for Service Providers Component Logging

| Component | Provider Logs | Tenant Logs |
|---|---|---|
| vCloud Director cells | * | * |
| vCenter Server instances | * | |
| ESXi hosts | * | |
| vRealize Orchestrator | * | |
| NSX Manager | * | |
| NSX Edge | * | * |
 
A tenant can also deploy their own vRealize Log Insight appliance to a dedicated Org in a virtual data center network. The subnet and IP address of the tenant’s syslog server must match the secondary syslog address of NSX Edge gateways. This allows the tenant to see the NSX Edge logs in real time, which is very useful for troubleshooting.
 
Figure 11. Edge Gateway Provider and Tenant Syslogs
 
Table 17. NSX Edge Logs

| Log Type | Collection Method |
|---|---|
| NSX Edge rule events. With the log box checked, the logs described here are interactions with firewall rules. | Remote or optional tenant syslog |
 
The NSX Edge log has the following format:
 
The following code block provides an example log entry from NSX Edge.
 
The vRealize Log Insight server adds the IP address of the syslog sender, which is the NSX Edge gateway network logging external interface.
 
The following table provides an overview of the format of NSX Edge Logs. For example, filtering on Organization-ID allows creation of dashboards specific to individual tenants.
Table 18. NSX Edge Log Format

| Field Name | Description |
|---|---|
| Date-Time | Date and time in the format Month Day HH:MM:SS, for example: Sep 5 10:50:56 |
| NSXEdge-ID | Unique Edge ID provided by NSX Manager (not vCloud Director). |
| Program/Daemon-Name | Name of the daemon or program that is logging this message (for example: DHCP, kernel, pluto, nginx). |
| PID | PID of the program logging this message. This is optional; in particular, for kernel and iptables-related messages the PID is not logged. |
| Tenant/Organization-ID | This is the organization identifier. |
| EdgeService/Action-Identifier | This is optional. For some log messages (where the daemon name does not specify the EdgeService uniquely), a service identifier is prefixed to the log message (for example: DNAT, SNAT, Firewall-policyapplied-to-rule=ACCEPT\|DROP). |
| Message | This is the actual log message. |
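
An added example, not part of the VMware documentation: a Python parser that splits an edge syslog line into the Table 18 fields and counts firewall DROP events per Tenant/Organization-ID, the per-tenant filter the text describes. The delimiters in the regular expression, the function names and the sample lines are assumptions, because the table names the fields but not their exact layout.

```python
import re
from collections import Counter

# Assumed layout; the page names the fields but not the delimiters:
#   <Date-Time> <NSXEdge-ID> <Program>[<PID>]: [<Org-ID>]: [<Service-ID>] <Message>
LINE_RE = re.compile(
    r"^(?P<date_time>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<edge_id>\S+)\s"
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s"   # PID is optional
    r"\[(?P<org_id>[^\]]+)\]:\s"
    r"(?P<rest>.*)$"
)
# Service identifiers named in Table 18; any other leading token is message text.
SERVICE_RE = re.compile(r"^(?P<service>(?:DNAT|SNAT|Firewall)\S*)\s+(?P<message>.*)$")


def parse_edge_line(line):
    """Return a dict of Table 18 fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    s = SERVICE_RE.match(rest)
    rec["service"] = s.group("service") if s else None
    rec["message"] = s.group("message") if s else rest
    return rec


def drops_per_tenant(lines):
    """Count firewall DROP events per Tenant/Organization-ID, skipping bad lines."""
    counts = Counter()
    for line in lines:
        rec = parse_edge_line(line)
        service = (rec or {}).get("service") or ""
        if service.startswith("Firewall") and service.endswith("=DROP"):
            counts[rec["org_id"]] += 1
    return counts


# Constructed sample lines; edge IDs, org IDs and addresses are placeholders.
SAMPLE = [
    "Sep  5 10:50:56 edge-1 kernel: [org-a]: Firewall-policyapplied-to-rule=DROP SRC=192.0.2.10 DST=198.51.100.5",
    "Sep  5 10:50:57 edge-1 kernel: [org-a]: Firewall-policyapplied-to-rule=ACCEPT SRC=192.0.2.11 DST=198.51.100.5",
    "Sep  5 10:51:02 edge-2 kernel: [org-b]: Firewall-policyapplied-to-rule=DROP SRC=203.0.113.7 DST=198.51.100.9",
    "Sep  5 10:51:03 edge-2 nginx[812]: [org-b]: worker process started",
    "not an edge log line",
]

if __name__ == "__main__":
    print(dict(drops_per_tenant(SAMPLE)))
```

Lines that do not match return None rather than raising, so a dashboard feed built on this keeps running when an edge emits an unexpected message.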