VMware Cloud Community
mackov83
Enthusiast

NSX ESG Syslog

We have a vCloud environment in place that is currently using NSX-V; however, we have built an NSX-T environment, attached it to the same vCloud environment, and are about to start migrations.

On an NSX-V backed ESG, there was an option to specify a syslog server. This was handy as we could send firewall logs to a customer's existing logging solution or to a SIEM. This was done from the ESG > Edge Settings > Syslog Server Settings.

With an NSX-T backed ESG (T1), I am not seeing any similar syslog configuration. The only option I see is the NSX-T Manager global settings implemented via a profile at System > Fabric > Profiles > Node Profiles > All NSX Nodes.

Has anybody successfully implemented anything here?

Sreec
VMware Employee

You can follow the steps mentioned in the documentation (node profile will work) or try from CLI if you want to be more specific.

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-8085C57D-681A-4435-83A3-... 

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
mackov83
Enthusiast

Thanks for the info, but I am not clear on how that meets the requirement. I have done exactly what you mentioned using a node profile, but I consider that level of logging to meet our 'provider' or infrastructure requirements. Syslog for a tenant should be an entirely different thing.

For example:

Provider (Managers, ETNs etc) > provider syslog

Tenant A ESG 1 > Tenant A syslog 

Tenant A ESG 2 > Tenant A syslog

Tenant B ESG 1 > Tenant B syslog 

Tenant B ESG 2 > Tenant B syslog

As a provider, neither of these tenant syslog servers will be accessible to us - will not be within our VRF, nor would each tenant syslog be in the same VRF. With vCloud and NSX-V this was easily achieved as the ESG would send the logs to a syslog server which it had network access to. How is this achieved with vCloud underpinned by NSX-T?

Sreec
VMware Employee

As long as the dedicated Edges can reach the syslog server of the tenants, they will continue to get the same benefit. However, when you have a shared Edge for multiple tenants, it will defeat the purpose. Even in NSX-V, we can technically share an ESG with multiple tenants (shared network), so the challenge was already there.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
QuickSave
Contributor

Hi,

So that means that with a vCloud environment based on NSX-T, a tenant is no longer able to configure a syslog server by himself? Because he has no access to the NSX nodes, and even if we had dedicated Edges for each tenant, the configuration would have to be done by the provider?

Kind regards

Sreec
VMware Employee

This is correct. T1/T0 are totally different if we compare them with DLR/ESG. If we enable logging on Edges, it applies to all tenants who are sharing the Edges. So dedicated Edges with provider-managed logging are required.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
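Added example (not VMware code and not from this thread) of the provider-side consequence of the point above: a relay that fans NSX-T edge syslog out per tenant, keyed on the sending edge's hostname, which is only sound when each edge is dedicated to one tenant. Assumptions: the edge lines follow RFC 5424 with the `[nsx@6876 ...]` structured-data element (a common shape for NSX logs, but the sample lines below are constructed, not captured), the `EDGES` inventory and tenant names are hypothetical, and only the `FIREWALL` MSGID is treated as tenant-visible so node-management events stay with the provider.

```python
"""Per-tenant syslog relay for NSX-T edge logs, keyed on edge hostname.

Added example, not VMware code. Message shape (RFC 5424 with the
[nsx@6876 ...] SD element) is assumed; all sample lines are constructed.
"""
import re
from collections import defaultdict

# RFC 5424 header: PRI VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d)\s+(?P<ts>\S+)\s+(?P<host>\S+)\s+"
    r"(?P<app>\S+)\s+(?P<procid>\S+)\s+(?P<msgid>\S+)\s+"
    r"(?P<sd>-|(?:\[.*?\])+)\s*(?P<msg>.*)$"
)
# SD-PARAM pairs inside an SD element, e.g. comp="nsx-edge"
_SD_PARAM = re.compile(r'(\w[\w.-]*)="((?:[^"\\]|\\.)*)"')


def parse(line):
    """Parse one RFC 5424 line into a dict, or None if it does not parse."""
    m = _RFC5424.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sd_params"] = dict(_SD_PARAM.findall(rec["sd"])) if rec["sd"] != "-" else {}
    return rec


# Hypothetical provider inventory. An edge is either dedicated to exactly one
# tenant or shared; only dedicated edges can be attributed by hostname.
EDGES = {
    "edge-ta-01": {"tenant": "tenant-a", "dedicated": True},
    "edge-tb-01": {"tenant": "tenant-b", "dedicated": True},
    "edge-shared-01": {"tenant": None, "dedicated": False},
}


def route(line, edges=EDGES, msgid_filter=("FIREWALL",)):
    """Decide where one line goes.

    Returns (tenant, reason). tenant is None when the line must not be sent
    to any tenant; reason is kept so provider-side refusals can be audited.
    """
    rec = parse(line)
    if rec is None:
        return None, "unparseable"
    if rec["msgid"] not in msgid_filter:
        return None, f"msgid {rec['msgid']} not in tenant-visible set"
    edge = edges.get(rec["host"])
    if edge is None:
        return None, f"unknown edge {rec['host']}"
    if not edge["dedicated"]:
        # A shared edge carries rules from several tenants; the hostname alone
        # cannot attribute the line, so it stays provider-only.
        return None, f"shared edge {rec['host']}: cannot attribute"
    return edge["tenant"], "dedicated edge"


def fan_out(lines, edges=EDGES):
    """Group lines by destination tenant; unroutable lines land under None."""
    buckets = defaultdict(list)
    for line in lines:
        tenant, _ = route(line, edges)
        buckets[tenant].append(line)
    return dict(buckets)


# Constructed sample lines (not captured from a real edge).
SAMPLE = [
    '<134>1 2022-10-03T10:00:00.000Z edge-ta-01 NSX 1234 FIREWALL '
    '[nsx@6876 comp="nsx-edge" subcomp="datapathd" level="INFO"] '
    'rule-1001 MATCH PASS 10.0.1.5/44321->203.0.113.9/443 TCP',
    '<134>1 2022-10-03T10:00:01.000Z edge-tb-01 NSX 1234 FIREWALL '
    '[nsx@6876 comp="nsx-edge" subcomp="datapathd" level="INFO"] '
    'rule-2001 MATCH DROP 10.0.2.7/51000->198.51.100.4/22 TCP',
    '<134>1 2022-10-03T10:00:02.000Z edge-shared-01 NSX 1234 FIREWALL '
    '[nsx@6876 comp="nsx-edge" subcomp="datapathd" level="INFO"] '
    'rule-3001 MATCH PASS 10.0.3.2/40000->192.0.2.1/80 TCP',
    '<30>1 2022-10-03T10:00:03.000Z edge-ta-01 NSX 1234 SYSTEM '
    '[nsx@6876 comp="nsx-edge" subcomp="node-mgmt" level="INFO"] '
    'Admin login from 10.10.10.10',
    'not a syslog line at all',
]

if __name__ == "__main__":
    for tenant, lines in fan_out(SAMPLE).items():
        print(tenant or "<provider-only>", len(lines))
```

Lines from a shared edge, from an edge not in the inventory, or with a non-firewall MSGID land in the `None` bucket, which is the provider's own collector; nothing is guessed. The actual forwarding into each tenant's VRF (over TLS) is out of scope here; the point is that attribution by hostname is only trustworthy when the edge is dedicated, which is exactly the constraint stated in the reply above.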

We have an alternative option now if you are using VCD 10.4 + NSX 3.2:

https://fojta.wordpress.com/2022/10/03/multitenant-logging-with-vmware-cloud-director/ 

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist