• Edge gateway events are being sent to remote syslog server
• IDS event logs are not being sent to remote syslog server
• NSX Edge logging for remote syslog is configure with log level "notice" or higher

NSX 4.1

Firstly, make sure that Monitoring IDS/IPS Events is configured correctly.

In order for NSX Edge to send IDS event logs to remote syslog server, the level of logging has to be set to "info".

As per public documentation on configuring NSX Edge remote logging,  the following NSX CLI command can be run in the NSX Edge to confirm the level of logging:

get logging-server

example output with notice level of logging:

<IP address of syslog server> proto udp level notice facility local6 messageid SYSTEM,FABRIC

The same documentation can be followed to set the logging level to info (Valid logging level operation includes: emerg, alert, crit, err, warning, notice, info, debug).

Configure Monitoring for IDS Events: https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-852AADD3-653F-4C1C-A10E-24D03B4084CA.html

Configure Remote Logging for NSX Appliance or NSX Edge: https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-8085C57D-681A-4435-83A3-CB21C98F4A93.html#GUID-8085C57D-681A-4435-83A3-CB21C98F4A93