NSX remote logging with TLS failing to send messages to syslog.
Article ID: 382955
Updated On:
Products
VMware NSX
Issue/Introduction
After configuring remote logging with TLS on NSX-T components using the documented process (Admin Guide - Configure Remote Logging), none of the expected messages arrive at the syslog server.
The syslog server has been configured using its IP address and not its FQDN.
/var/log/rsyslog.log on the component shows TLS-related messages such as the following:
<TimeStamp> <Component Hostname> rsyslogd - - - Error: generic error happened during validation check [v8.2202.0]
<TimeStamp> <Component Hostname> rsyslogd - - - nsd_ossl: TLS Connection initiated with remote syslog server. [v8.2202.0]
<TimeStamp> <Component Hostname> rsyslogd - - - nsd_ossl: Information, no shared curve between syslog client and server [v8.2202.0]
<TimeStamp> <Component Hostname> rsyslogd - - - nsd_ossl:TLS session terminated with remote syslog server: peer name not authorized, not permitted to talk to name: /C=/ST=/L=/O=/OU=/CN=<CN of syslog server>; [v8.2202.0 try https://www.rsyslog.com/e/2088 ]
/etc/rsyslog.conf on the NSX appliance (Edge or Manager) shows the syslog server configured by IP address rather than FQDN, for example:
$ActionSendStreamDriverPermittedPeer <IP of syslog server> # nsx exporter: <UUID>
However, when TLS is used, rsyslog authenticates the remote server by name: the value configured for the logging server becomes the permitted peer and is compared against the subject CN (and SAN names) of the certificate presented by the syslog server. An IP address never matches a certificate issued to a hostname, so rsyslog rejects the peer and terminates the session with the "peer name not authorized" message shown above. The syslog server must therefore be referenced by the FQDN that appears in its certificate, not by IP address.
Resolution
Re-configure the syslog server using the FQDN and not the IP address, as per the documentation. First delete the old configuration with the del logging-server command on the component, specifying the same values that were originally applied with the IP, then add the logging server again using the FQDN. The FQDN must resolve from the appliance and must match the CN or a SAN entry in the syslog server's certificate. Do not edit rsyslog.conf directly; the file is managed by NSX (note the "nsx exporter" tag on the generated line) and direct edits are not supported.
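The following is an added example, not code from this article, VMware, or rsyslog. It is an offline check a practitioner can run before re-adding the logging server: it reads the permitted-peer values out of an rsyslog.conf fragment, flags any written as an IP literal, models (in simplified form) the x509/name comparison that rsyslog performs against the server certificate's CN and DNS SAN names, and pulls the reported CN out of a "peer name not authorized" log line so you know which name the certificate actually carries. The config fragment, certificate names, UUID, hostnames and addresses below are all constructed for the example.

```python
"""Offline check for the NSX/rsyslog TLS peer-name failure described above.

Added example, not code from the KB article or from VMware/rsyslog.
It models, in simplified form, how rsyslog's x509/name authentication
compares $ActionSendStreamDriverPermittedPeer against the server
certificate's CN and DNS SAN entries, and shows why an IP literal can
never pass that comparison.  All inputs below are constructed samples.
"""
import ipaddress
import re
from fnmatch import fnmatchcase
from typing import List, Optional, Tuple

# Constructed /etc/rsyslog.conf fragment in the shape NSX writes (IP used as peer).
# The UUID, address and port are made up for this example.
SAMPLE_RSYSLOG_CONF = """\
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer 10.0.0.25 # nsx exporter: 0f3c7a2e-1111-4d2b-9e6a-000000000001
*.* @@10.0.0.25:6514
"""

# Same fragment after deleting and re-adding the logging server by FQDN.
FIXED_RSYSLOG_CONF = SAMPLE_RSYSLOG_CONF.replace("10.0.0.25", "syslog.example.com")

# Names the (constructed) syslog server certificate carries: its CN plus DNS SANs.
CERT_NAMES = ["syslog.example.com", "syslog", "loghost.example.com"]

# Constructed /var/log/rsyslog.log line in the format quoted in the article.
SAMPLE_RSYSLOG_LOG = (
    "2024-01-01T00:00:00.000Z nsx-mgr-01 rsyslogd - - - nsd_ossl:TLS session terminated "
    "with remote syslog server: peer name not authorized, not permitted to talk to name: "
    "/C=/ST=/L=/O=/OU=/CN=syslog.example.com; [v8.2202.0 try https://www.rsyslog.com/e/2088 ]\n"
)

PEER_DIRECTIVE = "$ActionSendStreamDriverPermittedPeer"
_NOT_AUTHORIZED_RE = re.compile(r"not permitted to talk to name: (?P<dn>[^;]+);")


def permitted_peers(conf_text: str) -> List[str]:
    """Return every PermittedPeer value in the config, with trailing '# ...' comments dropped."""
    peers = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.startswith(PEER_DIRECTIVE):
            continue
        value = line[len(PEER_DIRECTIVE):].split("#", 1)[0].strip()
        if value:
            peers.append(value)
    return peers


def is_ip_literal(peer: str) -> bool:
    """True if the peer is written as an IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(peer)
        return True
    except ValueError:
        return False


def peer_name_matches(permitted: str, cert_names: List[str]) -> bool:
    """Simplified rsyslog x509/name rule: case-insensitive match of the permitted peer
    (wildcards allowed in the permitted string) against the certificate's names.
    fnmatch's '*' also crosses label boundaries, which is looser than a real TLS check."""
    pattern = permitted.lower()
    return any(fnmatchcase(name.lower(), pattern) for name in cert_names)


def diagnose(conf_text: str, cert_names: List[str]) -> List[Tuple[str, bool, str]]:
    """For each configured peer, report (peer, ok, reason)."""
    findings = []
    for peer in permitted_peers(conf_text):
        if is_ip_literal(peer):
            findings.append((peer, False, "IP literal: it is compared against the certificate's "
                                          "CN/SAN names, so the TLS session will be rejected"))
        elif peer_name_matches(peer, cert_names):
            findings.append((peer, True, "matches a name in the server certificate"))
        else:
            findings.append((peer, False, "not found in the server certificate names: "
                                          + ", ".join(cert_names)))
    return findings


def failed_peer_cn(log_text: str) -> Optional[str]:
    """Extract the CN rsyslog reports in the 'peer name not authorized' message, if present."""
    m = _NOT_AUTHORIZED_RE.search(log_text)
    if not m:
        return None
    for part in m.group("dn").split("/"):
        if part.startswith("CN="):
            return part[3:]
    return None


if __name__ == "__main__":
    for peer, ok, why in diagnose(SAMPLE_RSYSLOG_CONF, CERT_NAMES):
        print(f"[{'OK' if ok else 'FAIL'}] {peer}: {why}")
    print("server certificate CN seen in log:", failed_peer_cn(SAMPLE_RSYSLOG_LOG))
    for peer, ok, why in diagnose(FIXED_RSYSLOG_CONF, CERT_NAMES):
        print(f"[{'OK' if ok else 'FAIL'}] {peer}: {why}")
```

To use it against a real appliance, replace the constructed config and log strings with the contents of /etc/rsyslog.conf and /var/log/rsyslog.log, and fill CERT_NAMES with the CN and DNS SANs from the syslog server's certificate (for example from openssl x509 -noout -subject -ext subjectAltName). The name you then pass to set logging-server must be one that this check reports as matching.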