Scenario: We want to have NSX-T 2.4 Managers/Controllers and Edges send logs to a central logging server (such as vRealize Log Insight). This is particularly important for the firewall logs, since we do want to be able to use them for troubleshooting and security operations. The distributed firewall logs are sent from each ESXi host, but the edge firewall logs (T0/T1) are sent from each Edge appliance, so that’s where we need to set the proper syslog settings for NSX-T.
Problem: The NSX-T 2.4 documentation page (link) gives example appliance syslog settings that send only a limited subset of logs, which makes troubleshooting and operations difficult. Example below.
Solution: Use the example for proper syslog settings for NSX-T from the VMware Validated Designs (VVD) 5.1 (link) instead. Example below. Repeat for each NSX-T Manager/Controller and Edge. Now you should have plenty of logs sent to your syslog destination. Also, do consider switching from unencrypted UDP transport to something more secure, to prevent tampering and strengthen security.
Hope this helps! Also, stay tuned for more blog posts about managing the Bare Metal Edges.