7.2 NSX for vSphere Logging Considerations
All VMware NSX components, such as NSX Controller, VMware NSX Virtual Switch™, and NSX Edge, provide detailed network visibility and data. The VMware NSX platform offers centralized reporting and monitoring, distributed performance and scale, and is designed for automation. VMware NSX is built on a REST API provided by NSX Manager, and all operations can be performed programmatically through scripting or higher-level languages.
 
Figure 19. NSX for vSphere Logging Environment
 
ESXi hosts run a syslog service (vmsyslogd) that provides a standard mechanism for logging messages from VMkernel and other system components. ESXi can also be configured to send the logs across the network to a VMware vRealize Log Insight™ server. There are multiple levels of logging to consider.
Note: Configuration of the vRealize Log Insight service on ESXi can be performed using host profiles, the vSphere command-line interface, or the advanced configuration options in the VMware vSphere Client™.
The following log files are related to NSX and must be sent to an appropriate log collection service such as vRealize Log Insight:
Distributed firewall packet logs can be found at /var/log/dfwpktlogs.log.
Distributed firewall userworld agent logs are located at /var/log/vsfwd.log.
Netcpa (userworld agent) logs can be found at /var/log/netcpa.log. This log file contains messages regarding controller-to-host communication details.
Logical switch (VXLAN), distributed logical router, and VMware Internetworking Service Insertion Platform (VSIP) kernel module logs are available at /var/log/vmkernel.log. Logs related to the logical switch are tagged with vxlan, logs related to the distributed logical router are tagged with vdrb, and VSIP-related logs are tagged with vsip.
DVS logs are also available at /var/log/vmkernel.log.
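The following added example (not part of the original VMware document) checks, on the collector side, that every ESXi host is forwarding all four NSX-related log files listed above, and sorts vmkernel.log messages by the vxlan, vdrb, and vsip tags. The record layout (host, source file, message), the host names, and the message text are constructed assumptions.

```python
import re
from collections import defaultdict

# NSX-related log files named in this section, mapped to the component that writes them.
NSX_LOGS = {
    "/var/log/dfwpktlogs.log": "distributed firewall packet log",
    "/var/log/vsfwd.log": "distributed firewall userworld agent",
    "/var/log/netcpa.log": "netcpa (controller-to-host)",
    "/var/log/vmkernel.log": "vmkernel",
}
# Tags this section gives for NSX kernel-module messages in vmkernel.log.
KERNEL_TAGS = {"vxlan": "logical switch", "vdrb": "distributed logical router",
               "vsip": "VSIP"}
TAG_RE = re.compile(r"\b(vxlan|vdrb|vsip)\b", re.IGNORECASE)

def classify(path, message):
    """Return the NSX component for one record, or None if the file is not NSX-related."""
    if path not in NSX_LOGS:
        return None
    if path == "/var/log/vmkernel.log":
        m = TAG_RE.search(message)
        return KERNEL_TAGS[m.group(1).lower()] if m else "vmkernel (untagged, e.g. DVS)"
    return NSX_LOGS[path]

def coverage_gaps(records):
    """Map each host to the sorted NSX log files the collector never received from it."""
    seen = defaultdict(set)
    for host, path, _ in records:
        seen[host].add(path)
    return {h: sorted(set(NSX_LOGS) - paths) for h, paths in seen.items()
            if set(NSX_LOGS) - paths}

# Constructed sample records: (host, source file, message). Message text is illustrative.
SAMPLE = [
    ("esx01", "/var/log/vmkernel.log", "cpu4:33012)vxlan: port update on segment 5001"),
    ("esx01", "/var/log/vmkernel.log", "cpu2:33020)vdrb: route table refreshed"),
    ("esx01", "/var/log/vsfwd.log", "ruleset applied"),
    ("esx01", "/var/log/netcpa.log", "controller connection established"),
    ("esx01", "/var/log/dfwpktlogs.log", "rule 1001 DROP"),
    ("esx02", "/var/log/vmkernel.log", "cpu0:33100)vsip filter attached"),
    ("esx02", "/var/log/netcpa.log", "controller connection lost"),
]

if __name__ == "__main__":
    for host, path, msg in SAMPLE:
        print(host, classify(path, msg), msg, sep=" | ")
    print("Missing per host:", coverage_gaps(SAMPLE))
```

A host that appears in the gap report is sending some logs but not all of them, which usually points to an incomplete syslog configuration on that host rather than a collector outage.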