• DNS servers report a very high rate of DNS resolution requests for the name of the vRLI/Aria Operation for Logs server. The requests originate from NSX.
• NSX nodes are not logging to the remote vRLI/Aria log server
• NSX log is configured like in this example
  
  > get logging-servers

loginsight.example.com:9543 proto tcp level info exporter_name e867b89b-####-####-####-ab1d7b715ec0
  
  
• NSX logs report connection problems, this example from an Edge is logged continuously in /var/log/syslog
  
<DATE>T11:11:19.180Z Edge rsyslogd - - -  omfwd: remote server at loginsight.example.com:9543 seems to have closed connection. This often happens when the remote peer (or an interim system like a load balancer or firewall) shuts down or aborts a connection. Rsyslog will re-open the connection if configured to do so (we saw a generic IO Error, which usually goes along with that behaviour). [v8.2304.0 try https://www.rsyslog.com/e/2027 ]

VMware NSX-T 3.x
VMware NSX 4.x

Logging has been configured for standard TCP on port 9543 of the vRLI/Aria Operation for Logs server. Port 9543 is for TLS (SSL) configuration and not standard TCP. Port 514 should be used for the standard TCP. While the NSX client will be able to connect to the log server it will very quickly be shutdown. NSX will retry at a high rate and each request will do a DNS lookup.

This is a known behaviour of VMware NSX and vRLI/Aria Operation for Logs.

Reconfigure NSX to use port 514 via cli or use the NSX Node Profile via the UI, System -> Fabric -> Profiles -> Node Profiles.