Forwarding syslog messages to a remote server
Google Cloud VMware Engine provides the option to send syslog messages to your remote syslog server. This configuration lets you collate and process syslog messages using remote logging and monitoring systems.
Before you begin
The steps in this document assume that you have done the following:
-
If you want to reference your remote syslog host by name, complete the following:
- For Standard VMware Engine networks, configure DNS bindings.
- For Legacy VMware Engine networks, configure conditional DNS forwarding rules.
Forward logs
The method of forwarding logs depends on the management appliance that you want to forward logs for.
- For vCenter and ESXi logs, including NSX-T Distributed Firewall (DFW) Log, use VMware Engine.
- For NSX-T Manager and NSX-T Edge VMs, use the NSX-T appliance.
Forward logs by using VMware Engine
To configure ESXi or vCenter to forward logs to the syslog server by using the
Google Cloud console, Google Cloud CLI or VMware Engine API, do the following. If
you plan to forward syslog from ESXi Hosts, change the default port on which the
log agent listens from 5142
to 514
. In that case, use the same port (514
)
for forwarding syslog from vCenter as well as NSX-T.
Console
To forward ESXi or vCenter logs to the syslog server by using the Google Cloud console, do the following:
In the Google Cloud console, go to the Private clouds page.
Select the Syslog tab.
Click Create Source. The subtask for logging server creation displays.
gcloud
To configure ESXi or vCenter to forward logs to the syslog server by using
the Google Cloud CLI, use the
gcloud vmware private-clouds logging-servers create
command.
gcloud vmware private-clouds logging-servers create LOGGING_SERVER_ID \ --project=PROJECT_ID \ --hostname="HOST_NAME" \ --port="PORT" \ --source-type="SOURCE_TYPE" \ --protocol="PROTOCOL" \ --private-cloud=PRIVATE_CLOUD_ID \ --location=ZONE
Replace the following:
LOGGING_SERVER_ID
: the logging server ID for this request.PROJECT_ID
: the project for this request.HOST_NAME
: the IP address or fully qualified domain name for this request.PORT
: the port number for this request.SOURCE_TYPE
: the source type, either ESXi or vCenter, for this request.PROTOCOL
: the protocol, either UDP or TCP, for this request.PRIVATE_CLOUD_ID
: the private cloud ID for this request.ZONE
: the zone for this request.
API
To configure ESXi or vCenter to forward logs to the syslog server by using
the VMware Engine API, make a POST
request:
GET "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID/loggingServers?logging_server_id=LOGGING_SERVER_ID" -d '{ "hostname": "HOST_NAME", "port": "PORT", "sourceType": "SOURCE_TYPE", "protocol": "PROTOCOL" }'
Replace the following:
PROJECT_ID
: the project for this request.ZONE
: the zone for this request.PRIVATE_CLOUD_ID
: the private cloud ID for this request.LOGGING_SERVER_ID
: the logging server ID for this request.HOST_NAME
: the IP address or fully qualified domain name for this request.PORT
: the port number for this request.SOURCE_TYPE
: the source type, either ESXi or VCSA, for this request.PROTOCOL
: the protocol, either UDP or TCP, for this request.
Forward logs by using the NSX-T appliance
The process varies depending on whether you want to forward NSX-T Manager or NSX-T Edge VM logs.
NSX-T Manager
To configure NSX-T Manager in your VMware Engine private cloud to forward logs to your remote syslog server, do the following:
- Sign in to the NSX-T appliance in your private cloud. See Accessing management appliances.
- Go to System > Fabric > Profiles > Node Profiles.
- To forward logs from all NSX nodes, select All NSX Nodes. Otherwise, select only the nodes you want to send the logs from.
- In the Syslog Servers section, click Add.
- In the FQDN or IP Address field, enter the IP address of your remote syslog host.
- In the Port field, enter the port number on which the remote syslog server listens.
- In the Protocol field, select a communication protocol.
- In the Log Level field, select the level of log you want to forward.
- Click Add.
NSX-T Edge VM
To configure NSX-T Edge VM in your VMware Engine private cloud to forward logs to your remote syslog server, contact Cloud Customer Care.
Manage logging servers on VMware Engine
The following procedures explain how to describe, list, edit, or delete your logging server.
Describe logging server
You can get the description of a logging server using the Google Cloud console, Google Cloud CLI or VMware Engine API by doing the following:
Console
To get the description of a configured logging server using the Google Cloud console, do the following:
In the Google Cloud console, go to the Private clouds page.
Select the Syslog tab. Logging server details are listed in the Syslog table.
gcloud
To get the description of a configured logging server using the Google Cloud CLI,
use the gcloud vmware private-clouds logging-servers describe
command.
gcloud vmware private-clouds logging-servers describe LOGGING_SERVER_ID \ --project=PROJECT_ID \ --private-cloud=PRIVATE_CLOUD_ID \ --location=ZONE
Replace the following:
LOGGING_SERVER_ID
: the logging server ID for this request.PROJECT_ID
: the project for this request.PRIVATE_CLOUD_ID
: the private cloud ID for this request.ZONE
: the zone for this request.
API
To get the description of a configured logging server using the VMware Engine API, make the following request:
GET "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID/loggingServers/LOGGING_SERVER_ID"
Replace the following:
PROJECT_ID
: the project for this request.ZONE
: the zone for this request.PRIVATE_CLOUD_ID
: the private cloud ID for this request.LOGGING_SERVER_ID
: the logging server ID for this request.
List logging server
You can get a list of logging servers using the Google Cloud console, Google Cloud CLI or VMware Engine API by doing the following:
Console
To get a list of configured logging servers using the Google Cloud console, do the following:
In the Google Cloud console, go to the Private clouds page.
Select the Syslog tab. All configured logging servers are listed in the Syslog table.
gcloud
To get a list of configured logging servers using the Google Cloud CLI,
use the
gcloud vmware private-clouds logging-servers list
command.
gcloud vmware private-clouds logging-servers list \ --project=PROJECT_ID \ --private-cloud=PRIVATE_CLOUD_ID \ --location=ZONE
Replace the following:
PROJECT_ID
: the project for this request.PRIVATE_CLOUD_ID
: the private cloud ID for this request.ZONE
: the zone for this request.
API
To get a list of configured logging servers using the VMware Engine API, make the following request:
GET "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID/loggingServers/"
Replace the following:
PROJECT_ID
: the project for this request.ZONE
: the zone for this request.PRIVATE_CLOUD_ID
: the private cloud ID for this request.
Edit a logging server
If you want to update a logging server using the Google Cloud console, Google Cloud CLI or VMware Engine API, do the following:
Console
If you want to update a configured logging server using the Google Cloud console, do the following:
In the Google Cloud console, go to the Private clouds page.
Select the Syslog tab.
Click the More
icon at the end of a row and select Edit.Make your update in the logging server edit window.
gcloud
To update a configured logging server using the Google Cloud CLI, use the
gcloud vmware private-clouds logging-servers update
command.
gcloud vmware private-clouds logging-servers update LOGGING_SERVER_ID \ --project=PROJECT_ID \ --hostname="HOST_NAME" \ --port="PORT" \ --source-type="SOURCE_TYPE" \ --protocol="PROTOCOL" \ --private-cloud=PRIVATE_CLOUD_ID \ --location=ZONE
Replace the following:
LOGGING_SERVER_ID
: the logging server ID for this request.PROJECT_ID
: the project for this request.HOST_NAME
: the IP address or fully qualified domain name for this request.PORT
: the port number for this request.SOURCE_TYPE
: the source type, either ESXi or VCSA, for this request.PROTOCOL
: the protocol, either UDP or TCP, for this request.PRIVATE_CLOUD_ID
: the private cloud ID for this request.ZONE
: the zone for this request.
API
To update a configured logging server using the VMware Engine API,
make a PATCH
request:
PATCH "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID/loggingServers/LOGGING_SERVER_ID?updateMask=hostname,sourceType,protocol,port" -d '{ "hostname": "HOST_NAME", "port": "PORT", "sourceType": "SOURCE_TYPE", "protocol": "PROTOCOL" }'
Replace the following:
PROJECT_ID
: the project for this request.ZONE
: the zone for this request.PRIVATE_CLOUD_ID
: the private cloud ID for this request.LOGGING_SERVER_ID
: the logging server ID for this request.HOST_NAME
: the IP address or fully qualified domain name for this request.PORT
: the port number for this request.SOURCE_TYPE
: the source type, either ESXi or VCSA, for this request.PROTOCOL
: the protocol, either UDP or TCP, for this request.
Delete a logging server
If you want to delete a logging server using the Google Cloud console, Google Cloud CLI or VMware Engine API, do the following:
Console
If you want to delete a configured logging server using the Google Cloud console, do the following:
In the Google Cloud console, go to the Private clouds page.
Select the Syslog tab.
Click the More
icon at the end of a row and select Delete.
gcloud
To delete a configured logging server using the Google Cloud CLI, use the
gcloud vmware private-clouds logging-servers delete
command.
gcloud vmware private-clouds logging-servers delete LOGGING_SERVER_ID \ --project=PROJECT_ID \ --private-cloud=PRIVATE_CLOUD_ID \ --location=ZONE
Replace the following:
LOGGING_SERVER_ID
: the logging server ID for this request.PROJECT_ID
: the project for this request.PRIVATE_CLOUD_ID
: the private cloud ID for this request.ZONE
: the zone for this request.
API
To delete a configured logging server using the VMware Engine API,
make the a DELETE
request:
GET "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID/loggingServers/NETWORK_ID"
Replace the following:
PROJECT_ID
: the project for this request.ZONE
: the zone for this request.PRIVATE_CLOUD_ID
: the private cloud ID for this request.NETWORK_ID
: the network ID for this request.