How to handle audit_log_health.remote_logging_server_error alarm in NSX-T Manager.
search cancel

How to handle audit_log_health.remote_logging_server_error alarm in NSX-T Manager.

book

Article ID: 345808

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Title: Alarm for audit_log_health.remote_logging_server_error
Event ID: audit_log_health.remote_logging_server_error
Added in release: 3.1.0
Alarm Description
  • Purpose: The purpose of this alarm is to inform the sepecific remote logging server is not able to received the log due to an unresolvable FQDN, an invalid TLS certificate or missing NSX appliance iptables rule.
  • Impact: Expect to see log write failure and log content is missing.


Environment

VMware NSX-T Data Center

Resolution

Resolution:
1. Ensure that the given logging-server has the correct hostname or IP address and port.
2. If the logging server is specified using a FQDN, ensure the FQDN is resolvable from the NSX appliance using the NSX CLI command nslookup <fqdn>. If not resolvable, verify the correct FQDN is specified and the network DNS server has the required entry for the FQDN.
3. If the logging server is configured to use TLS, verify the specified certificate is valid. For example, ensure the logging server is actually using the certificate or verify the certificate has not expired using the openssl command openssl x509 -in <cert-file-path> -noout -dates.
4. NSX appliances use iptables rules to explicitly allow outgoing traffic. Verify the iptables rule for the logging server is configured properly by invoking the NSX CLI command verify logging-servers which re-configures logging server iptables rules as needed.
5. If for any reason the logging server is misconfigured, it should be deleted using the NSX CLI del logging-server <hostname-or-ip-address[:port]> proto <proto> level <level> command and re-added with the correct configuration.
  • Maintenance window required for remediation? No