NSX manager syslog is not reporting NSX user successful LOGIN events
Article ID: 399588
Updated On:
Products
VMware NSX
Issue/Introduction
- After enabling syslog for NSX managers, successful LOGIN events are not reported in
/var/log/syslogand subsequently not seen on the remote syslog server. - Successful login events are expected to look similar to the following:
- These events are also not seen in the NSX audit logs (
/var/log/audit/audit.log). - Only LOGOUT events and failed LOGIN events are reported in SYSLOG.
- However, according to the Broadcom "Log Messages and Error Codes" document, successful LOGIN events should be recorded.
Environment
- VMware NSX 4.2.x
- VMware NSX 9.0.x
Cause
A defect was introduced in VMware NSX 4.2.0 and above such that syslog includes the full user info but suppresses logging the successful operation.
Resolution
This is a known issue affecting VMware NSX 4.2.0 and above. There is currently no resolution.
Workaround:
Filter for AAA events in NSX syslog: (Note: AAA stands for Authentication, Authorization, and Accounting)
Log snippet:
YYYY-MM-DDT14:18:05.183Z #### NSX 5070 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="####" subcomp="manager" username="###"] UserName="###", Src="###", ModuleName="AAA", Operation="GetCurrentUserInfo", Operation status="success", New value=[{"root_path":"/","provide_flat_listing":false}]
Feedback
Yes
No
Powered by
