Objective 8.5 – Administer Logging

Knowledge

  • Identify content contained in technical support bundles
    • Product specific diagnostic logs.
  • Identify where to locate component/service specific log information
    • All log information is sent to the configured syslog servers
  • Explain usage of CLI for logging
    • The CLI can be used to show log information
      • NSX Manager
        • Show manager log
        • Show manager log last
      • NSX Edge
        • Show log
        • Show log follow
        • Show log last
        • Show log reverse
  • Configure Syslog(s)
    • NSX Manager
      • Log in to the NSX Manager virtual appliance
      • Under Appliance Management, click Manage Appliance Settings.
      • From the Settings panel, click General.
      • Click Edit next to Syslog Server.
      • Type the IP address of the syslog server.
      • Type the port and protocol for the syslog server.
        If you do not specify a port, the default UDP port for the IP address/host name of the syslog server is used.
      • Click OK.
    • NSX Edge
      • Log in to the vSphere Web Client.
      • Click Networking & Security and then click NSX Edges.
      • Double-click a NSX Edge.
      • Click the Manage tab and then click the Settings tab.
      • In the Details panel, click Change next to Syslog servers.
      • Type the IP address of both remote syslog servers and select the protocol.
      • Click OK to save the configuration.
    • NSX Controller
      • The only way to configure syslog export on the NSX controllers is by the REST API
    • Firewall
      • You must configure the remote syslog server for each cluster that has firewall enabled. The remote syslog server is specified in the Syslog.global.logHost attribute
  • Configure logging for Dynamic Routing information
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click a Distributed Router.
    • Click the Manage tab and then click the Routing tab.
    • Select Global Configuration and click Edit by Dynamic Routing Configuration
    • Click Enable Logging to log Dynamic Routing Config traffic, and select the log level.
      Generated logs are sent to the syslog server.
    • Click Ok.
  • Log Distributed Firewall rule processing information
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click a Distributed Router.
    • Click the Manage tab and then click the Firewall tab.
    • For each rule to log, click on the [+] by “Accept”
    • In the Pop-up box click Log to log traffic matched by that rule.
      Generated logs are sent to the syslog server.
    • Click Ok.
  • Log Edge Firewall rule processing information
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click a NSX Edge.
    • Click the Manage tab and then click the Firewall tab.
    • For each rule to log, click on the [+] by “Accept”
    • In the Pop-up box click Log to log traffic matched by that rule.
      Generated logs are sent to the syslog server.
    • Click Ok.
  • Log address translation information
    • Log in to the vSphere Web Client.Click Networking & Security and then click NSX Edges.
    • Double-click a NSX Edge.
    • Click the Manage tab and then click the NAT tab.
    • For each rule to log, click on the rule to select it, then click the Edit (Pencil) icon
    • In the Pop-up box click Enable logging to log traffic matched by that rule.
      Generated logs are sent to the syslog server.
    • Click Ok.
  • Log VPN traffic
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click a NSX Edge.
    • Click the Manage tab and then click the VPN tab.
    • Expand the Logging Policy subsection
    • Click Enable Logging to log VPN traffic and select the log level.
      Generated logs are sent to the syslog server.
    • Click Ok.
  • Configure basic/advanced Load Balancer logging
    • Basic
      • Log in to the vSphere Web Client.
      • Click Networking & Security and then click NSX Edges.
      • Double-click a NSX Edge.
      • Click the Manage tab and then click the Load Balancer tab.
      • Click Edit
      • Scroll to the bottom and click Logging to log LB traffic and select the log level.
        Generated logs are sent to the syslog server.
      • Click Ok.
    • Advanced
      By default, NSX load balancer supports basical logging. You can create an application rule as follows to view more detailed logging messages for troubleshooting.
      # log the name of the virtual server
      capture request header Host len 32

      # log the amount of data uploaded during a POST
      capture request header Content-Length len 10

      # log the beginning of the referrer
      capture request header Referer len 20

      # server name (useful for outgoing proxies only)
      capture response header Server len 20

      # logging the content-length is useful with “option logasap”
      capture response header Content-Length len 10

      # log the expected cache behaviour on the response
      capture response header Cache-Control len 8

      # the Via header will report the next proxy’s name
      capture response header Via len 20

      # log the URL location during a redirection
      capture response header Location len 20

      After you associate the application rule to the virtual server, logs include detailed messages

  • Log DHCP assignments
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click a NSX Edge.
    • Click the Manage tab and then click the DHCP tab.
    • Click Enable Logging to log DHCP traffic and select the log level.
      Generated logs are sent to the syslog server.
    • Click Ok.
  • Log DNS resolutions
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click a NSX Edge.
    • Click the Manage tab and then click the Settings tab.
    • In the DNS Configuration panel, click Change.
    • Click Enable Logging to log DNS traffic and select the log level.
      Generated logs are sent to the syslog server.
    • Click Ok.
  • Log security policy session information
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click Service Composer.
    • Click the Security Policies tab.
    • Select the Security Policy to which you wish to add logging.
    • Click the Manage tab then Information Security
    • Select Firewall Rules then click Edit
    • Select the Rule to add logging to, and click the Edit (Pencil) icon
    • Scroll down, and select Log, click OK
    • Click OK
    • Repeat for the Network Introspection Services
  • Download NSX Edge tech support logs
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Select an NSX Edge instance.
    • Click the “More Actions” icon and select Download Tech Support Logs.
    • After the tech support logs are generated, click Download.
    • In the Select location for download dialog box, browse to the directory where you want to save the log file.
    • Click Save.
    • Click Close.
  • Generate NSX Manager tech support logs
    • Log in to the NSX Manager virtual appliance.
    • Under Appliance Management, click Manage Appliance Settings.
    • Click and then click Download Tech Support Log.
    • Click Download.
    • After the log is ready, click the Save to download the log to your desktop.
      The log is compressed and has the file extension .gz.

Tools

  • NSX Administration Guide
  • NSX Command Line Interface Reference Guide
  • NSX Edge CLI
  • vSphere Web Client
  • Log Insight
  • Syslog
Advertisements

One thought on “Objective 8.5 – Administer Logging

  1. Pingback: VMware VCP-NV NSX Study Resources | darrylcauldwell.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s