Configuring a VMware NSX-V Device to Send Syslogs

This topic is intended for TOS Administrators.

Overview

Syslog traffic must be configured to arrive to the TOS cluster that monitors the device - see Sending Additional Information via Syslog.

Syslog proxy is supported for specific devices. For more information on syslog proxy support for supported devices, see Configuring Devices to Send Logs.

Only rules that are marked for logging in the device are included in the syslogs.

Define SecureTrack as a Syslog Server on a VMware NSX Device

1. From the vSphere Client or the vSphere Web Admin, login to either the vCenter server or directly to the relevant ESXi server.

2. Select the ESXi server and select the Configuration tab.

3. Under the Software heading, select Advanced Settings.

4. From the list of settings, select Syslog > Global.

5. In the Syslog.global.logHost field, enter the connection information for SecureTrack in the syntax: udp://<ip_address>:514

   For example: udp://192.168.0.1:514

6. Make sure the Distributed Firewall rules are configured with the Log option. (VMware NSX documentation)

7. (Optional) To configure the NSX Manager to send change logs to SecureTrack to receive revisions when firewall rules are changed:

   1. Login to the NSX Manager.

   2. Click Manage Appliance Settings.

   3. In the Settings > General section, in the Syslog Server section click Edit.

   4. Enter the SecureTrack server details:

      • Syslog server: The appropriate TOS destination described in Sending Additional Information via Syslog.

      • Port: Enter 514.

      • Protocol: Select UDP.

      Click OK.