• On the VMware NSX Edge Node, a variant of the below command was used to configure the logging server (as per Admin Guide - Configure Remote logging) :

• After configuring the Edge with syslog via local CLI the setting is either removed or reverts to a different syslog server configuration after a short period of time.
• Running get node central-config on the Edge CLI shows 'enabled' as per below:
  
  Edge> get node central-config
<Time Stamp>
Status: enabled

VMware NSX
VMware NSX-T Data Center

This can occur due to a misconfiguration, NSX by default allows a centralised syslog configuration to be set that applies to all NSX Manager and Edge nodes as detailed in Admin Guide - Add Syslog Servers . As part of this configuration the NSX manager cluster will periodically sync the central configuration to all Edge nodes, overwriting any locally set values. This must be disabled on a per edge node basis as documented in the Admin Guide - Add Syslog Servers by running 'set node central-config disabled' on the Edge node prior to setting the syslog locally. . If this step is missed before the syslog is set on the node, the locally set value will be lost.

Follow the documented process and disable central config on the Edge node prior to setting the syslog setting by running the below command on the Edge local CLI. 

set node central-config disabled

Once set, manually set the syslog again using the set logging-server command as detailed in Admin Guide - Configure Remote logging .

If the central-config is disabled on the node and the edge is still facing loss of the local syslog please be aware of a known issue documented in KB322540 .