Many people use NSX via the vSphere Web Client. However, the NSX manager provides a REST API entry-point and the consumption of logical networks and security services can be driven directly via the API. This API helps to automate the deployment and the management of NSX through scripts or a CMP.
The goal of this post is to describe how to configure syslog for various components of the NSX platform by using API calls.
I mainly use Postman (a Chrome app) to work on API calls. For this example, we have to configure the authentication and the content type before starting:
- Authentication: Basic
- Content-Type: application/xml (only useful for PUT and POST methods)
You can configure a syslog server on NSX Manager admin interface…but it’s too simple, so we are gonna do it via API. 🙂
The request is the following:
<syslogserver> <syslogServer>18.104.22.168</syslogServer> <port>514</port> <protocol>UDP</protocol> </syslogserver>
Of course, you have to replace the different fields with your own values as I did in the example below.
You might have noticed that you don’t have the option to configure syslog for the NSX Controllers via the vSphere Web Client. Actually, it’s only possible via API.
<controllerSyslogServer> <syslogServer>10.51.10.111</syslogServer> <port>514</port> <protocol>UDP</protocol> <level>INFO</level> </controllerSyslogServer>
- Have you noticed the change of method? While the PUT method was used for NSX Manager, we are now using POST for the NSX Controllers.
- controllerId is an ID automatically generated at the deployment of the controller and can be retrieved via different methods (see below).
- As the configuration is not synced between the controller nodes, the syslog configuration has to be done for each of the controllers deployed (usually 3, as it’s the only configuration supported).
You can retrieve the NSX Controller ID in the vSphere Web Client, in the Installation section of Networking & Security. Another option is to query NSX via API to retrieves details and runtime status for all controllers.
You will find the controllerId for each controller instance in the answer.
You can configure 1 or 2 remote syslog servers per edge service gateway. NSX Edge send events and logs related to firewall events that flow from NSX Edge appliances. The API request is the following:
<syslog> <protocol>udp</protocol> <serverAddresses> <ipAddress>10.51.10.111</ipAddress> <ipAddress>10.51.10.112</ipAddress> </serverAddresses> </syslog>
As for the controllers, the edgeId has to be retrieved either using the vSphere Web Client or via API.
To verify the configuration, you can use the same query with a GET method.
Resources: NSX vSphere 6.2 API Guide.