NSX Edge Node Alarm: "One or More Edge Nodes Are Not Currently Configured to Forward Log Messages to a Remote Logging Server"
search cancel

NSX Edge Node Alarm: "One or More Edge Nodes Are Not Currently Configured to Forward Log Messages to a Remote Logging Server"

book

Article ID: 413417

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Title: Alarm for Remote Logging Not Configured

Alarm Description

  • Purpose: Indicates if remote logging server is not configured for NSX Edge nodes.
  1. The NSX Manager UI displays an alarm titled: "One or more edge nodes are not currently configured to forward log messages to a remote logging server."
  2. When logged into the CLI of the affected Edge node(s) and executing the command get logging-servers, the output shows no configured remote syslog server, or the configuration is incorrect/incomplete.

 

Environment

VMware NSX 

Cause

Centralized remote logging is a fundamental operational and security best practice within any enterprise environment. The NSX Manager actively monitors for compliance with such configurations on its managed Edge nodes. The absence of a properly configured remote syslog server directly triggers this health alarm, indicating a configuration deficiency.

Resolution

To resolve this alarm and ensure proper log management, configure the affected NSX Edge nodes to forward their syslog output to a remote logging server using the NSX CLI.

Procedure:

  1. Identify Affected Edge Nodes:

    • Check the NSX Manager UI to identify which specific Edge nodes are triggering the alarm.
    • Alternatively, log into the CLI of each suspected Edge node.

  2. Verify Current Configuration (Optional):

    • Log in to the CLI of the affected Edge node.
    • Execute the command:
       get logging-servers
    • This command will display the current remote logging server configuration. If it's empty or incorrect, proceed to the next step.

  3. Configure Remote Logging Server:

    • From the CLI of the affected Edge node, execute the following command, replacing the placeholders with your specific details:

      set logging-server <hostname-or-ip-address[:port]> proto <protocol> level <log-level>

      Example:

      set logging-server 10.x.x.x:514 proto udp level info

  4. Confirm Configuration:

    • After setting the logging server, execute the command again to confirm the new configuration:
       get logging-servers
    • Verify that the remote syslog server details are now correctly displayed.

  5. Monitor Alarm:

    • The NSX Manager alarm should clear automatically after the Edge node successfully establishes communication and starts forwarding logs to the configured remote syslog server. This may take a few minutes.

Additional Information

Powered by Wolken Software