Overview:

Being able to view log information is critical to ensuring the Edge Gateway is functioning as expected. The NSX Edge is configured and managed either from the vSphere Web Client or directly via API calls, which can be consumed through a REST API interface or through a customer-written portal such as Zettagrid’s MyAccount Portal. All services that the Edge provides can be logged:

  • DHCP (Service Wide)
  • NAT (Individual Rules)
  • Firewall (Individual Rules)
  • IPSec VPN (Service Wide)
  • SSL-VPN Plus (Service Wide)
  • Routing (Service Wide)
  • Load Balancer (Service Wide)

There are a number of logging levels available:

  • Emergency
  • Alert
  • Critical
  • Error
  • Warning
  • Notice
  • Info
  • Debug

Each level produces a different volume of messages, with Debug being the noisiest.

You can configure one or two remote syslog servers. NSX Edge service events and logs related to firewall events that flow from NSX Edge appliances are sent to the syslog servers. There are a number of syslog servers available for download, or you might already have your own flavor deployed in your environment.

DHCP:

Under the DHCP tab, where the service is enabled, check the Enable Logging box and select the logging level.

Routing:

Under the Routing tab, in both Global Configuration and Dynamic Routing Configuration, click the Edit button, check the box and select the logging level.

Load Balancer:

Under the Load Balancer tab, in Global Configuration, click the Edit button, check the box and select the logging level.

VPN:

Under the VPN tab, under IPSec VPN, expand the Logging Policy (you can see the consistency in the Web UI coming through here), check the Enable Logging box and select the logging level. Once that’s done, click the Publish Changes button to commit the config.

SSL VPN-Plus:

Under the SSL VPN-Plus tab, under Server Settings, expand the Logging Policy, click the Change button, check the box and select the logging level.

NAT:

Every NAT rule can be logged individually. To enable this, check the Enable Logging box while configuring or editing each NAT rule.

Firewall Rule:

Finally, each firewall rule can be logged individually. Under the Firewall tab, when configuring or modifying the Action of a rule, you have the option to select Log or Do Not Log.
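To check that the settings above are actually in place on an Edge, the following added example (not from the original post) audits an Edge configuration export for a missing or oversized syslog server list, enabled services with logging switched off, and unlogged firewall and NAT rules. The XML element names and the sample document are assumptions modelled on the NSX-v Edge XML, so verify them against your API version.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Element names are assumptions modelled
# on the NSX-v Edge XML; check them against your API version before relying on this.
SAMPLE_EDGE_XML = """
<edge><id>edge-example</id><features>
  <syslog><enabled>true</enabled><serverAddresses>
    <ipAddress>192.0.2.10</ipAddress></serverAddresses></syslog>
  <dhcp><enabled>true</enabled>
    <logging><enable>true</enable><logLevel>info</logLevel></logging></dhcp>
  <ipsec><enabled>true</enabled>
    <logging><enable>false</enable><logLevel>warning</logLevel></logging></ipsec>
  <loadBalancer><enabled>false</enabled><logging><enable>false</enable></logging></loadBalancer>
  <firewall><firewallRules>
    <firewallRule><name>allow-web</name><loggingEnabled>true</loggingEnabled></firewallRule>
    <firewallRule><name>allow-mgmt</name><loggingEnabled>false</loggingEnabled></firewallRule>
  </firewallRules></firewall>
  <nat><natRules>
    <natRule><ruleId>196609</ruleId><loggingEnabled>false</loggingEnabled></natRule>
  </natRules></nat>
</features></edge>
"""

# Services with a service-wide logging switch that this check covers (assumed names).
SERVICE_WIDE = ("dhcp", "ipsec", "sslvpnConfig", "loadBalancer")

def is_true(node, path):
    return (node.findtext(path) or "").strip().lower() == "true"

def audit_edge_logging(xml_text):
    """Return a list of logging gaps found in one Edge configuration."""
    features = ET.fromstring(xml_text).find("features")
    findings = []
    syslog = features.find("syslog")
    servers = [] if syslog is None else syslog.findall("serverAddresses/ipAddress")
    if syslog is None or not is_true(syslog, "enabled") or not 1 <= len(servers) <= 2:
        findings.append("syslog: need an enabled config with one or two servers")
    for name in SERVICE_WIDE:
        svc = features.find(name)
        # Only services that are switched on need service-wide logging.
        if svc is not None and is_true(svc, "enabled") and not is_true(svc, "logging/enable"):
            findings.append(f"{name}: service enabled but logging disabled")
    for tag, label in (("firewallRule", "name"), ("natRule", "ruleId")):
        for rule in features.iter(tag):
            if not is_true(rule, "loggingEnabled"):
                findings.append(f"{tag} {rule.findtext(label)}: logging disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_edge_logging(SAMPLE_EDGE_XML)))
```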

Configuring Syslogging via the NSX API:

Below are the key API commands to configure and manage Logging.