Log rotation (rotation size and number of rotated files) of NSX related logs (nsx-syslog, nsx-idps, nsx-dfwpktlogs, nsx metrics) on the ESXi Transport Node
search cancel

Log rotation (rotation size and number of rotated files) of NSX related logs (nsx-syslog, nsx-idps, nsx-dfwpktlogs, nsx metrics) on the ESXi Transport Node

book

Article ID: 408587

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

There are few logs which are NSX related on the ESXi Transport node after NSX is installed on the ESXi host.

Following are the log locations on the ESXi Transport Node: 

1. /var/log/nsx/metrics/proto*.log 

2. /var/log/nsx-syslog 

3. /var/log/nsx-idps

4. /var/log/dfwpktlogs

 

Need to find the information pertaining to both the following aspects for log rotation of the above logs:

a) Rotation Size

b) Number of rotated files

Environment

VMware NSX

vSphere ESXi

Resolution

Log rotation for the following logs (NSX related) in ESXi Transport node:

1. /var/log/nsx/metrics/proto*.log 

From the file: /etc/vmware/nsx-opsagent/nsx-opsAgent.xml we can see the metrics log rotation as follows:

<path>/var/log/nsx/metrics</path>
                   <min_free_space>1 GiB</min_free_space>
                   <max_size>1 GiB</max_size>
                   <max_files>50</max_files>
                 </store>
                 <file>
                   <filename>proto.log</filename>
                   <rotation_policy>
                     <max_size>20 MiB</max_size>
                   </rotation_policy>

The above details show that after 50 files and 20MB each file with maximum space usage of 1G and then it should autorotate the log file

2. /var/log/nsx-syslog 

From the file:  /etc/vmsyslog.conf.d/nsx-syslog.conf we can see the nsx-syslog log rotation as follows:

# unique id for this logger
id = nsx-syslog

# description of this logger
descr = nsx logs

# idents this logger is interested in
idents = nsx-exporter,nsx-sfhc,nsx-proxy,nsx-opsagent,nestdb-server,netopa,nsx-sha,nsx-sha-python,mpa,cfgAgent,vdpi,sample-exporter,nsx-platform-client,nsx-logger,nsx-idps

# output file (e.g. foo == /var/log/foo.log)
file = nsx-syslog

# override top-level rotation parameters for nsx-syslog
size = 32768
rotate = 28

The above details show that after 28 files and 32MB each file the log will autorotate

3. /var/log/nsx-idps

From the file:  /etc/vmsyslog.conf.d/nsx-idps-events.conf we can see the nsx-idps log rotation as follows:

# unique id for this logger
id = nsx-idps-events

# description of this logger
descr = NSX IDPS events log

# idents this logger is interested in
idents = IDPS-EVT

# output file (e.g. foo == /var/log/foo.log)
file = nsx-idps/nsx-idps-events

# file logger class
fclass = FileLoggerSyslog

# network logger class
nclass = NetworkFilterSyslogTimestamp

# Number of rotated files
rotate = 10

# Rotate size
size = 10240

The above details show that after 10 files and 10MB each file the log will autorotate

4. /var/log/dfwpktlogs

From the file:  /etc/vmsyslog.conf.d/dfwpktlogs.conf we can see the dfwpktlogs log rotation as follows:

# unique id for this logger
id = dfwpktlogs

# description of this logger
descr = DFW packet logs

# idents this logger is interested in
idents = FIREWALL-PKTLOG

# output file (e.g. foo == /var/log/foo.log)
file = dfwpktlogs

# file logger class
fclass = FileLoggerMessageOnly

# network logger class
nclass = NetworkFilterMsgTimestamp

# Number of rotated files
rotate = 10

# Rotate size
size = 10240

The above details show that after 10 files and 10MB each file the log will autorotate

 

⚠️ Note: Modifying the default Log settings is not recommended

Powered by Wolken Software