NSX Edge Node Alarm: "One or More Edge Nodes Are Not Currently Configured to Forward Log Messages to a Remote Logging Server"
search cancel

NSX Edge Node Alarm: "One or More Edge Nodes Are Not Currently Configured to Forward Log Messages to a Remote Logging Server"

book

Article ID: 413417

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Title: Alarm for Remote Logging Not Configured

Alarm Description:  Indicates if remote logging server is not configured for NSX Edge nodes.

  1. The NSX Manager UI displays an alarm titled: "One or more edge nodes are not currently configured to forward log messages to a remote logging server."

  2. When logged into the CLI of the affected Edge node(s) and executing the command get logging-servers, the output shows no configured remote syslog server, or the configuration is incorrect/incomplete.

Environment

VMware NSX 

Cause

Centralized remote logging is a fundamental operational and security best practice within any enterprise environment. The NSX Manager actively monitors for compliance with such configurations on its managed Edge nodes. The absence of a properly configured remote syslog server directly triggers this health alarm, indicating a configuration deficiency.

Resolution

To resolve this alarm and ensure proper log management, configure the affected NSX Edge nodes to forward their syslog output to a remote logging server using the NSX CLI.

Procedure:

  1. Identify Affected Edge Nodes:

    • Check the NSX Manager UI to identify which specific Edge nodes are triggering the alarm.

    • Alternatively, log into the CLI of each suspected Edge node.

  2. Verify Current Configuration (Optional):

    • Log in to the CLI of the affected Edge node.

    • Execute the command:

       get logging-servers

    • This command will display the current remote logging server configuration. If it's empty or incorrect, proceed to the next step.

  3. Configure Remote Logging Server:

    • From the CLI of the affected Edge node, execute the following command, replacing the placeholders with your specific details:

      set logging-server <hostname-or-ip-address[:port]> proto <protocol> level <log-level>

      Example:

      set logging-server 10.x.x.x:514 proto udp level info

  4. Confirm Configuration:

    • After setting the logging server, execute the command again to confirm the new configuration:

       get logging-servers

    • Verify that the remote syslog server details are now correctly displayed.

  5. Monitor Alarm:

    • The NSX Manager alarm should clear automatically after the Edge node successfully establishes communication and starts forwarding logs to the configured remote syslog server. This may take a few minutes.

Alternatively, if All NSX Nodes profile under Fabric > Profiles > Node Profiles > All NSX Nodes has the remote syslog server configuration already added, but the NSX Edge Nodes have not inherited the remote syslog configuration in NSX 4.2.2.x and above, use the "Redeploy Edge" button in the Edge Transport Nodes page of the NSX UI. 

Additional Information

Powered by Wolken Software