/ #api #nsx 

How to configure syslog for NSX-V components using API calls

Many people use NSX-V via the vSphere Web Client. However, the NSX manager provides a REST API entry-point and the consumption of logical networks and security services can be driven directly via the API. This API helps to automate the deployment and the management of NSX through scripts or a CMP.

The goal of this post is to describe how to configure syslog for various components of the NSX platform by using API calls.

General

I mainly use Postman (a Chrome app) to work on API calls. For this example, we have to configure the authentication and the content type before starting:

  • Authentication: Basic
  • Content-Type: application/xml (only useful for PUT and POST methods)

NSX Manager

You can configure a syslog server on NSX Manager admin interface…but it’s too simple, so we are gonna do it via API. :)

The request is the following:

PUT https://NSX-Manager-IP-Address/api/1.0/appliance-management/system/syslogserver

Request body:

<syslogserver>
   <syslogServer>1.2.3.4</syslogServer>
   <port>514</port>
   <protocol>UDP</protocol>
</syslogserver>

Of course, you have to replace the different fields with your own values as I did in the example below.

Configure Syslog via API for the NSX Manager

NSX Controllers

You might have noticed that you don’t have the option to configure syslog for the NSX Controllers via the vSphere Web Client. Actually, it’s only possible via API.

POST https://NSX-Manager-IP-Address/api/2.0/vdn/controller/controllerId/syslog

Request body:

<controllerSyslogServer>
   <syslogServer>10.51.10.111</syslogServer>
   <port>514</port>
   <protocol>UDP</protocol>
   <level>INFO</level>
</controllerSyslogServer>

Notes:

  • Have you noticed the change of method? While the PUT method was used for NSX Manager, we are now using POST for the NSX Controllers.

  • controllerId is an ID automatically generated at the deployment of the controller and can be retrieved via different methods (see below).

  • As the configuration is not synced between the controller nodes, the syslog configuration has to be done for each of the controllers deployed (usually 3, as it’s the only configuration supported).

You can retrieve the NSX Controller ID in the vSphere Web Client, in the Installation section of Networking & Security. Another option is to query NSX via API to retrieves details and runtime status for all controllers.

GET https://NSX-Manager-IP-Address/api/2.0/vdn/controller

You will find the controllerId for each controller instance in the answer.

NSX Edges

You can configure 1 or 2 remote syslog servers per edge service gateway. NSX Edge send events and logs related to firewall events that flow from NSX Edge appliances. The API request is the following:

PUT https://NSX-Manager-IP-Address/api/4.0/edges/**edgeId**/syslog/config
<syslog>
   <protocol>udp</protocol>
   <serverAddresses>
      <ipAddress>10.51.10.111</ipAddress>
      <ipAddress>10.51.10.112</ipAddress>
   </serverAddresses>
</syslog>

As for the controllers, the edgeId has to be retrieved either using the vSphere Web Client or via API.

To verify the configuration, you can use the same query with a GET method.

Resources: NSX vSphere 6.2 API Guide.

Author

Romain

Staff Technical Product Manager, technologist with 16+ years of Networking and Security experience in Data Center, Public Cloud & Virtualization (VMs and Containers). He is a double VCDX (DCV and NV, #120), VCDX panelist, frequent VMUG/VMworld speaker and contributor to the community via this blog or social media (follow him on Twitter @woueb).