By default the TKGI provisioned LB has error_log_level as "INFO" and Virtual-server has access_log_enabled as "false"
In order to debug more granular traces sometime we need enabling the logs level.
If the LB is Provision using TKGI, the edit operation from the NSX-T UI would be greyed out. However, we can enable the logging using API call.
VMware NSX
1. Enabling ERROR log level for the Load balancer.
GET call to collect the lb-config for the concern LB UUID as .json file.
curl -X GET -H Content-Type:application/json -H X-Allow-Overwrite:True -ku admin https://localhost/api/v1/loadbalancer/services/96308305-###-####-####-575167ee1571 > lb-config.json
{
"enabled" : true,
"relax_scale_validation" : true,
"size" : "SMALL",
"error_log_level" : "INFO",
"virtual_server_ids" : [ "9d43f629-####-###-b9ec-0ba9ea44ca7b", "4ec57241-a360-####-####-26f126e15cfe", "ff359d38-ea14-####-####-00659077a415" ],
"attachment" : {
"target_id" : "feb9606c-e262-####-####-219ff062fc47",
"target_display_name" : "t1-domain-c12068:ce0ee018-####-####-8e9b-9b4cffd24ff5-foo-rtr",
"target_type" : "LogicalRouter",
"is_valid" : true
},
"resource_type" : "LbService",
"id" : "96308305-###-####-####-575167ee1571",
"display_name" : "domain-c12068:ce0ee018-####-####-8e9b-9b4cffd24ff5-foo",
"tags" : [ {
"scope" : "policyPath",
"tag" : "/infra/lb-services/domain-c12068:ce0ee018-####-####-8e9b-9b4cffd24ff5_45e4c6da-022d-4a1d-b18b-c0320f0a0bda"
} ],
"_system_owned" : false,
"_create_time" : 1717430254057,
"_create_user" : "nsx_policy",
"_last_modified_time" : 1717549696095,
"_last_modified_user" : "nsx_policy",
"_protection" : "REQUIRE_OVERRIDE",
"_revision" : 0
}
Change the "error_log_level" as "ERROR" in the body from GET Output and save the lb-config.json file, finally Push the changes using PUT API call.
# curl -X PUT -H Content-Type:application/json -H X-Allow-Overwrite:True -ku admin https://localhost/api/v1/loadbalancer/services/96308305-###-####-####-575167ee1571 -d @lb-config.json
PUT Body:
{
"enabled" : true,
"relax_scale_validation" : true,
"size" : "SMALL",
"error_log_level" : "ERROR",
"virtual_server_ids" : [ "9d43f629-####-###-b9ec-0ba9ea44ca7b", "4ec57241-a360-####-####-26f126e15cfe", "ff359d38-ea14-####-####-00659077a415" ],
"attachment" : {
"target_id" : "feb9606c-e262-####-####-219ff062fc47",
"target_display_name" : "t1-domain-c12068:ce0ee018-####-####-8e9b-9b4cffd24ff5-foo-rtr",
"target_type" : "LogicalRouter",
"is_valid" : true
},
"resource_type" : "LbService",
"id" : "96308305-###-####-####-575167ee1571",
"display_name" : "domain-c12068:ce0ee018-####-####-8e9b-9b4cffd24ff5-foo",
"tags" : [ {
"scope" : "policyPath",
"tag" : "/infra/lb-services/domain-c12068:ce0ee018-####-####-8e9b-9b4cffd24ff5_45e4c6da-022d-4a1d-b18b-c0320f0a0bda"
} ],
"_system_owned" : false,
"_create_time" : 1717430254057,
"_create_user" : "nsx_policy",
"_last_modified_time" : 1726890196496,
"_last_modified_user" : "admin",
"_protection" : "REQUIRE_OVERRIDE",
"_revision" : 1
}
2. Enabling access logs for the virtual server
GET call to collect the VS-config for the concern virtual server as .json file.
#curl -X GET -H Content-Type:application/json -H X-Allow-Overwrite:True -ku admin https://localhost/api/v1/loadbalancer/virtual-servers/9d43f629-####-###-b9ec-0ba9ea44ca7b >vs-config.json
{
"enabled" : true,
"access_log_enabled" : false,
"ip_address" : "10.#.#.3",
"port" : "6443",
"ports" : [ "6443" ],
"ip_protocol" : "TCP",
"pool_id" : "5630c19d-db17-####-####-d616c245b150",
"application_profile_id" : "75fc052c-8ebf-####-####-ffabb93da79e",
"log_significant_event_only" : false,
"resource_type" : "LbVirtualServer",
"id" : "9d43f629-####-###-b9ec-0ba9ea44ca7b",
"display_name" : "domain-c12068:ce0ee018-####-####-8e9b-9b4cffd2--6443",
"tags" : [ {
"scope" : "policyPath",
"tag" : "/infra/lb-virtual-servers/7349cf5c-1953-####-####-96fd35ccec6b_6443"
} ],
"_system_owned" : false,
"_create_time" : 1717432787041,
"_create_user" : "nsx_policy",
"_last_modified_time" : 1717432787041,
"_last_modified_user" : "nsx_policy",
"_protection" : "REQUIRE_OVERRIDE",
"_revision" : 0
}
Change the "access_log_enabled" as true in the body from GET Output and save the vs-config.json file, finally Push the changes using PUT API call.
curl -X PUT -H Content-Type:application/json -H X-Allow-Overwrite:True -ku admin https://localhost/api/v1/loadbalancer/virtual-servers/9d43f629-####-###-b9ec-0ba9ea44ca7b -d @vs-config.json
PUT body
{
"enabled" : true,
"access_log_enabled" : true,
"ip_address" : "10.#.#.3",
"port" : "6443",
"ports" : [ "6443" ],
"ip_protocol" : "TCP",
"pool_id" : "5630c19d-db17-####-####-d616c245b150",
"application_profile_id" : "75fc052c-8ebf-####-####-ffabb93da79e",
"log_significant_event_only" : false,
"resource_type" : "LbVirtualServer",
"id" : "9d43f629-####-###-b9ec-0ba9ea44ca7b",
"display_name" : "domain-c12068:ce0ee018-####-####-8e9b-9b4cffd2--6443",
"tags" : [ {
"scope" : "policyPath",
"tag" : "/infra/lb-virtual-servers/7349cf5c-1953-####-####-96fd35ccec6b_6443"
} ],
"_system_owned" : false,
"_create_time" : 1717432787041,
"_create_user" : "nsx_policy",
"_last_modified_time" : 1726889357117,
"_last_modified_user" : "admin",
"_protection" : "REQUIRE_OVERRIDE",
"_revision" : 1
}
Note: Kindly revert the changes back to original setting once scoping is done.
Log location-
Error log -
/var/log/lb/<lb-uuid>/logs/error.log
Access log -
/var/log/lb/<lb-uuid>/logs/access.log