Troubleshooting isn’t always fun or easy, especially in complex environments where multiple issues might occur at the same time. Having a way to easily find the root cause is crucial. Today I will show you how to change the logging level in NSX and its components.
Change logging level in NSX Manager
Unfortunately, it isn’t possible to change the logging level in NSX Manager from the GUI. It has to be done using API calls or from the command line. In my earlier post https://www.wojcieh.net/configuring-syslog-server-for-vmware-nsx-components/ , I showed you how certain operations are done using REST API calls.
NSX Manager log levels:
Change logging level in NSX Manager - API
To check the current logging level, initiate the following API call:
GET https://IP ADDR/api/1.0/services/debug/loglevel/com.vmware.vshield
To enable the debug logging level in NSX Manager, initiate the following API call:
POST https://IP ADDR/api/1.0/services/debug/loglevel/com.vmware.vshield?level=DEBUG
We will check once again whether the logging level was changed to debug.
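The check, change and re-check sequence above as a Python script. This is an added example, not code from the original post. It assumes HTTP Basic authentication and that the GET response body contains the level name; `build_request`, `https_send` and `set_and_verify` are illustrative names.

```python
import base64
import ssl
import urllib.parse
import urllib.request

LOGGER = "com.vmware.vshield"  # logger name used in the calls above

def build_request(host, user, password, level=None):
    """GET reads the current level; POST with ?level=... changes it."""
    url = f"https://{host}/api/1.0/services/debug/loglevel/{LOGGER}"
    if level is not None:
        url += "?" + urllib.parse.urlencode({"level": level})
    # Assumption: the API accepts HTTP Basic authentication.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url,
        method="POST" if level is not None else "GET",
        headers={"Authorization": f"Basic {token}"},
    )

def https_send(cafile=None):
    """Return a sender that verifies the NSX Manager certificate.
    cafile: PEM bundle with the CA that signed it (None = system store)."""
    ctx = ssl.create_default_context(cafile=cafile)
    def send(req):
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    return send

def set_and_verify(send, host, user, password, level):
    """Run GET -> POST -> GET and report whether the change took effect."""
    _, before = send(build_request(host, user, password))
    status, _ = send(build_request(host, user, password, level))
    if not 200 <= status < 300:
        raise RuntimeError(f"POST rejected with HTTP {status}")
    _, after = send(build_request(host, user, password))
    # Assumption: the GET response body contains the level name somewhere.
    return {"before": before.strip(), "after": after.strip(),
            "changed": level.upper() in after.upper()}
```

Against a real NSX Manager, pass `https_send(cafile=...)` as the `send` argument so the certificate is verified instead of ignored.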
Change logging level in NSX Manager - command line
Changing the logging level in NSX Manager via the command line is fairly easy.
Log in to NSX Manager via SSH and first let’s check what the current logging level is.
show com.vmware.vshield logging-level
The next step is to change it to another level.
Changing log level of NSX control plane
NSX Control Plane logs are written on each ESXi host. The ESXi netcpa log level has to be modified from the command line.
Log in to the ESXi hosts you want to troubleshoot and find the netcpa.xml file.
Enable writing to the file by typing:
chmod +wt /usr/lib/vmware/netcpa/etc/netcpa.xml
Edit the file in vi and change the following line:
to the desired log level.
Restart the netcpa service by typing:
Changing logging level on Distributed Logical Router or Edge Services Gateway
There are several ways to change the logging level on a Distributed Logical Router or Edge Services Gateway.
Changing logging level on Distributed Logical Router or Edge Services Gateway - API call
In a REST client, initiate the following call:
POST https://NSX Manager IP/api/4.0/edges/edgeID/logging?level=debug
Let’s check what level is configured in the GUI.
Changing logging level on Distributed Logical Router or Edge Services Gateway - GUI
To change the logging level on a Distributed Logical Router or Edge Services Gateway, click Action on the DLR or ESG.
Select the desired logging level.
It is also possible to enable logging with a different level per DLR or ESG component:
- DLR - HA
- DLR - Dynamic Routing
- ESG - DHCP
- ESG - NAT rules
- ESG - Routing
- ESG - Load Balancer
- ESG - IPsec VPN
- ESG - SSL VPN-Plus
Enabling Firewall logging
Enabling firewall rule logging is very easy.
Click on the rule you want to log and, in the action section, choose Log.
I hope you enjoyed this article. If you have any questions simply write a comment.