How to change logging level in NSX

Networking, VMware
Page content

How to change logging level in NSX - Logo

Troubleshooting issues aren’t always fun and easy way to do. Especially in complex environments where multiple issues might occur at the same time. Having a way to easily find root cause is crucial. Today I will show you how to change logging level in NSX and its components.

Change logging level in NSX Manager

Unfortunately, it isn’t possible to change logging level in NSX Manager fro GUI. It has to be done using API calls or from the command line. In my earlier post https://www.wojcieh.net/configuring-syslog-server-for-vmware-nsx-components/ , I showed you how certain operations are done using REST API calls.

NSX Manager log levels:
OFF FATAL WARN ERROR INFO DEBUG TRACE ALL

Change logging level in NSX Manager - API

To check what kind of logging level initiate the following API call

GET https://IP ADDR/api/1.0/services/debug/loglevel/com.vmware.vshield

How to change logging level in NSX - 1

To enable debug logging level in NSX Manager initiate the following API call

POST https://IP ADDR/api/1.0/services/debug/loglevel/com.vmware.vshield?level=DEBUG

How to change logging level in NSX - 2

We will check once again if logging was changed to debug.

How to change logging level in NSX - 3

Change logging level in NSX Manager - command line

Changing logging level in NSX Manager via command line is fairly easy.

Login to NSX Manager via SSH and firs let’s check what is current logging level.

show com.vmware.vshield logging-level

How to change logging level in NSX - 4

Next step is to change it to another level.

How to change logging level in NSX - 5

Changing log level of NSX control plane

NSX Control Plane logs are written on each ESXi host. To modify ESXi netcpa log level it has to be done from command line.

Login to ESXi hosts you want to troubleshoot and find netcpa.xml file.

How to change logging level in NSX - 6

Enable writing to file by typing:

chmod +wt /usr/lib/vmware/netcpa/etc/netcpa.xml

Edit the file in vi and change following line:

<level>info</level>

to desired log level

<level>debug</level>

Restart netcpa service by typing:

/etc/init.d/netcpad restart

Changing logging level on Distributed Logical Router or Edge Services Gateway

There are several ways to change logging level on Distributed Logical Router or Edge Services Gateway.

Changing logging level on Distributed Logical Router or Edge Services Gateway - API call

In REST Client initiate following call

POST https://NSX Manager IP/api/4.0/edges/edgeID/logging?level=debug

How to change logging level in NSX - 7

Let’s check what level is configured in GUI.

How to change logging level in NSX - 8

Changing logging level on Distributed Logical Router or Edge Services Gateway - GUI

To change logging level on Distributed Logical Router or Edge Services Gateway click Action on DLR or ESG.

How to change logging level in NSX - 9

Select desired logging level.

How to change logging level in NSX - 10

There is as well possibility to enable logging with a different level per DLR or ESG components.

DLR Components

  1. DLR - HA

    How to change logging level in NSX - 11

  2. DLR - Dynamic Routing

    How to change logging level in NSX - 12

ESG Components

  1. ESG - DHCP

    How to change logging level in NSX - 13

  2. ESG - NAT rules

    How to change logging level in NSX - 14

  3. ESG - Routing

    How to change logging level in NSX - 15

  4. ESG - Load Balancer

    How to change logging level in NSX - 16

  5. ESG - IPsec VPN

    How to change logging level in NSX - 17

  6. ESG - SSL VPN-Plus

    How to change logging level in NSX - 18

Enabling Firewall logging

Enabling firewall rule logging is very easy.

Click on rule you want to log and in action section choose Log.

How to change logging level in NSX - 19

Summary

I hope you enjoyed this article. If you have any questions simply write a comment.

NSX 6.2 API Reference Guide