Increasing NSX-T Operational Visibility with vRealize Log Insight

A critical(and sometimes overlooked) component of any infrastructure implementation is operational visibility.  Its is important for troubleshooting, alerting and auditing purposes to send logs to a central location.

For NSX-T, this is where vRealize Log Insight and it’s NSX-T Content Pack come in. Description from the VMware Solution Exchange

“The NSX-T Log Insight Content Pack provides operational and alerting visibility for different sources of log data within NSX-T. The graphically rich content pack is essential for analyzing and identifying NSX-T configuration, performance, security and traffic related issues and makes it easy to act upon the information provided. The Content Pack covers NSX-T functions such as audit information, logical switch, logical router, Firewall traffic, DHCP and represents the information via custom dashboards, filters, and alerts. The seven NSX-T dashboards sort information based on user defined time intervals and the data is presented graphically via bar graphs, pie charts and raw data collection widgets.”

In this blog post, I’ll walk you through

  • Installing the NSX-T Content Pack for Log Insight
  • Configuring the various NSX components to forward logs to Log Insight
  • Review an example of how to leverage one of the dashboards to detail Logical Switch’s created

I’n my environment I’m running

  • NSX-T v2.2.0
  • vRealize Log Insight v4.6.1

Install the NSX-T Content Pack for Log Insight

  1. If your Log Insight cluster has internet access you can download the Content Pack from within the Content Pack Marketplace, which is built into the solution
    1. Login to Log Insight
    2. In the top right click the ‘burger icon’ and select Content Packs


    3. You should be presented with the Log Insight Content Pack Marketplace.  If not select Content Pack Marketplace, Marketplace on the left hand menu
    4. Scroll down until you find the VMware – NSX-T Content Pack


    5. Click it, review and accept the license agreement, click Install


    6. Click OK on the setup instructions to install the Content Pack, I’ll go into more detail shortly
  2. Alternatively, you can download the content pack from the VMware Solution Exchange (you will need a My VMware account) and install manually by clicking Import Content Pack and browsing to the .vlcp file you download


Configure Remote Logging

Now we have the Content Pack installed, we need to configure remote logging on the various NSX components, to send logs to Log Insight. To get the full picture you will need to ensure that remote logging is setup on;

  • NSX Manager
  • NSX Controller
  • NSX Edges
  • Hypervisors
    • I’ve already configured Log Insight vSphere Integration to collect events from vCenter and ESXi. There are several blogs out there which can walk you through this. e.g This one by VMGuru
  1. Connect to the NSX Manager via SSH(if enabled) or the VM Console
  2. Run the following command. This will send log events with a level of info and above to Log Insight via UDP(you can specify TCP if desired in your environment)
    set logging-server <log insight IP>  proto udp level info
  3. Repeat this command on all the Controllers and Edges in your environment
  4. To validate, within Log Insight go to the Interactive Analytics section and search for your NSX Manager(nsxmgr-01a in my case). You should now see events


Auditing changes to Logical Switches

Now that we are capturing the events in Log Insight, we can start to use the NSX-T Content pack and the numerous dashboard that it includes.  In this example, we’ll use the Content Pack to show us recent changes in the environment, related to Logical Switches

  1. In Log Insight, click Dashboards then within the left pane expand VMware – NSX-T and select NSX – Logical Switch Overview
  2. In my case there have been no Logical Switches created with the last 5 minutes


  3.  I’ll go ahead and create a Logical Switch (steps not shown)
  4.  Now if I refresh the dashboard, I can see 1 Logical Switch has been created


  5. Click the Open in Interactive Analytics icon


  6. I can now review all the details about this event.  In this case,  user admin successfully created a Logical Switch named VM-Dave-LS

    This post showcases just one example.  In a future post, I’ll describe how to utilize the alerts provided by the content pack, to proactively notify you of issues that may arise

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s