Edge gateway IDS event logs are not send to syslog server

search cancel

Edge gateway IDS event logs are not send to syslog server

book

Article ID: 371450

calendar_today

Updated On: 03-03-2025

Products

VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

Edge gateway events are being sent to remote syslog server
IDS event logs are not being sent to remote syslog server
NSX Edge logging for remote syslog is configured with log level "notice" or higher

Environment

NSX 4.1

Resolution

Firstly, make sure that Monitoring IDS/IPS Events is configured correctly.

In order for NSX Edge to send IDS event logs to remote syslog server, the level of logging has to be set to "info".

As per public documentation on configuring NSX Edge remote logging, the following NSX CLI command can be run in the NSX Edge to confirm the level of logging:

get logging-serverexample output with notice level of logging:

<IP address of syslog server> proto udp level notice facility local6 messageid SYSTEM,FABRIC

The same documentation can be followed to set the logging level to info (Valid logging level operation includes: emerg, alert, crit, err, warning, notice, info, debug).

Feedback

Was this article helpful?

thumb_up Yes

thumb_down No