VMware Networking Community
santunez2275
Enthusiast
Enthusiast
‎11-24-2017 07:19 AM

NSX and Log Insight

Hello Guys

NSX 6.3.5 and Log Insight 4.5.1 were installed. NSX was configured to send log to Log Insight, but in Dashboard it does not show data of Logical Switch Created.

NSX was configured to send log to Log Insight, but in Dashboard it does not show data of Logical Switch Created, Logical Routers, always shows in zero and have Logical Switch and Logical Routers actives.

The only thing that shows us dashboard is Edge Firewall.

How can you validate that the logs are being sent correctly to Log Insight?

Regards

Tags (1)
0 Kudos
7 Replies
bayupw
Leadership
Leadership
‎11-26-2017 11:24 AM

Hi Sebastian,

Make sure you have forwarded all the required components to the Log Insight:

1. ESXi Host Logs

2. NSX Manager Logs

3. NSX Controller Logs

4. NSX Edge Logs

Then check if you can see the logs are being forwarded to the Log Insight.

You can refer to this doc (About NSX Logs) on how to specify syslog server for each components

Or these 2 blog posts

Integrate VMware NSX in Log Insight | Virten.net

https://esxsi.com/2017/02/09/nsx-log-insight/

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos
amolnjadhav
Enthusiast
Enthusiast
‎11-27-2017 05:59 AM

Hi,

Even i have faced this issue in my envornment.

Please configure syslog server "vRLI" ip address in each esx host this should reslove your issue.

Please consider marking this answer "correct" or "helpful" if you think your query have been answered correctly. Regards Amol Jadhav VCP NSXT | VCP NSXV | VCIX6-NV | VCAP-DCA | CCNA | CCNP - BSCI
0 Kudos
Mparayil
Enthusiast
Enthusiast
‎11-28-2017 02:58 AM

Hello,

Let me know if you are still having this issue we can work on this,

0 Kudos
santunez2275
Enthusiast
Enthusiast
‎11-28-2017 09:30 AM

Hello

The problema persist. I changed fqdn by IP but not receive events.

Regards.

Sebastian

0 Kudos
Mparayil
Enthusiast
Enthusiast
‎11-28-2017 09:50 AM

Are you able to see all the vSphere components like ESxi host etc.., for me it looks like NSX manger is not sending the logs to the Login sight, when we create a Logical switch or any thing the logs needs to be forward to the Log insight from that log event it takes the number of creation events and mentions on the Login sight dash board.

can you UNconfigure the Syslog server on the NSX manger and reconfigure it.

I am checking the working setup logs to identify the issue.

I will get back to you !

0 Kudos
Mparayil
Enthusiast
Enthusiast
‎11-28-2017 09:52 AM

ON NSX manger try to register thhe Syslog details with IP address and select UDP port 514

0 Kudos
srodenburg
Expert
Expert
‎12-04-2017 12:26 PM

Forget about the dashboards for a second. In LI, under "Interactive analysis", when you filter on source, do you see anything arriving at all, from all the hosts that you expect (have configured) ?

If that does not work, forget any further steps and fix that first.

0 Kudos