• The purpose of this article is to provide a comprehensive guide for administrators on retrieving and inspecting system log files. It outlines the specific procedures for utilizing both the REST API for automated log harvesting and the Command Line Interface (CLI) for manual, real-time troubleshooting. By following these methods, users can efficiently isolate system events, audit service activities, and streamline the diagnostic process without relying solely on the graphical user interface.

• This document serves as a technical reference for performing log-file analysis via the API and CLI. It covers essential workflows including:

  • Authenticating and querying log endpoints via REST API.

  • Accessing archived or rotated logs that may not be visible through the standard management console. This guide is intended to assist in rapid live log-file view.

• VMware NSX-T

Using Command Line - 

• In NSX-T appliances syslog messages are in /var/log/syslog.
• In NSX-T appliances, you can run the following CLI command to view the logs:
  
  > get log-file <auth.log | controller | controller-error | http.log | kern.log | manager.log | node-mgmt.log | policy.log | syslog> follow

Note - If you run the command without the keyword "follow" it will show all the logs stored in the particular log-file. To see the current/live logs use the keyword "follow" at the end of command

Using API Call -

• You can also access logs using the below API calls. The file log contains syslog messages with audit="true" in the structured-data field.
  
  /api/v1/administration/audit-logs
/api/v1/administration/
/api/v1/administration/auth.log
/api/v1/administration/controller
/api/v1/administration/controller-error
/api/v1/administration/http.log
/api/v1/administration/kern.log
/api/v1/administration/manager.log
/api/v1/administration/node-mgmt.log
/api/v1/administration/policy.log
/api/v1/administration/syslog.
  

If NSX-T fails to access or write messages to a log file, an alarm will be generated. The possible errors are:

• A local log file is missing.
• A local log file's permission or ownership setting prevents NSX-T from writing to the file.
• NSX-T is unable to send log messages to a third-party remote log server. Note that an alarm will not be raised if NSX-T fails to send logs to the Log Insight agent.
• The alarm can be resolved through the alarm framework.

Please refer the techdoc for more info - https://techdocs.broadcom.com/us/en/vmware-cis/nsx/nsxt-dc/3-1/administration-guide/operations-and-management/log-messages-and-error-codes.html