Forwarding syslog messages to a remote server

Google Cloud VMware Engine provides the option to send syslog messages to your remote syslog server. This configuration lets you collate and process syslog messages using remote logging and monitoring systems.

Before you begin

The steps in this document assume that you have done the following:

Forward logs

The method of forwarding logs depends on the management appliance that you want to forward logs for.

  • For vCenter and ESXi logs, including NSX-T Distributed Firewall (DFW) Log, use VMware Engine.
  • For NSX-T Manager and NSX-T Edge VMs, use the NSX-T appliance.

Forward logs by using VMware Engine

To configure ESXi or vCenter to forward logs to the syslog server by using the Google Cloud console, Google Cloud CLI, or VMware Engine API, do the following. If you plan to forward syslog from ESXi hosts, change the port on which the log agent listens from its default of 5142 to 514. In that case, use the same port (514) for forwarding syslog from vCenter and from NSX-T as well.

Console

To forward ESXi or vCenter logs to the syslog server by using the Google Cloud console, do the following:

  1. In the Google Cloud console, go to the Private clouds page.

    Go to Private clouds

  2. Select the Syslog tab.

  3. Click Create Source. The subtask for logging server creation displays.

gcloud

To configure ESXi or vCenter to forward logs to the syslog server by using the Google Cloud CLI, use the gcloud vmware private-clouds logging-servers create command.

gcloud vmware private-clouds logging-servers create LOGGING_SERVER_ID \
  --project=PROJECT_ID \
  --hostname="HOST_NAME" \
  --port="PORT" \
  --source-type="SOURCE_TYPE" \
  --protocol="PROTOCOL" \
  --private-cloud=PRIVATE_CLOUD_ID \
  --location=ZONE

Replace the following:

  • LOGGING_SERVER_ID: the logging server ID for this request.
  • PROJECT_ID: the project for this request.
  • HOST_NAME: the IP address or fully qualified domain name for this request.
  • PORT: the port number for this request.
  • SOURCE_TYPE: the source type, either ESXi or vCenter, for this request.
  • PROTOCOL: the protocol, either UDP or TCP, for this request.
  • PRIVATE_CLOUD_ID: the private cloud ID for this request.
  • ZONE: the zone for this request.

API

To configure ESXi or vCenter to forward logs to the syslog server by using the VMware Engine API, make a POST request:

    POST "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID/loggingServers?logging_server_id=LOGGING_SERVER_ID" -d '{
      "hostname": "HOST_NAME",
      "port": "PORT",
      "sourceType": "SOURCE_TYPE",
      "protocol": "PROTOCOL"
    }'

Replace the following:

  • PROJECT_ID: the project for this request.
  • ZONE: the zone for this request.
  • PRIVATE_CLOUD_ID: the private cloud ID for this request.
  • LOGGING_SERVER_ID: the logging server ID for this request.
  • HOST_NAME: the IP address or fully qualified domain name for this request.
  • PORT: the port number for this request.
  • SOURCE_TYPE: the source type, either ESXi or VCSA, for this request.
  • PROTOCOL: the protocol, either UDP or TCP, for this request.

Forward logs by using the NSX-T appliance

The process varies depending on whether you want to forward NSX-T Manager or NSX-T Edge VM logs.

NSX-T Manager

To configure NSX-T Manager in your VMware Engine private cloud to forward logs to your remote syslog server, do the following:

  1. Sign in to the NSX-T appliance in your private cloud. See Accessing management appliances.
  2. Go to System > Fabric > Profiles > Node Profiles.
  3. To forward logs from all NSX nodes, select All NSX Nodes. Otherwise, select only the nodes you want to send the logs from.
  4. In the Syslog Servers section, click Add.
  5. In the FQDN or IP Address field, enter the IP address of your remote syslog host.
  6. In the Port field, enter the port number on which the remote syslog server listens.
  7. In the Protocol field, select a communication protocol.
  8. In the Log Level field, select the level of log you want to forward.
  9. Click Add.

NSX-T Edge VM

To configure NSX-T Edge VM in your VMware Engine private cloud to forward logs to your remote syslog server, contact Cloud Customer Care.

Manage logging servers on VMware Engine

The following procedures explain how to describe, list, edit, or delete your logging server.

Describe logging server

You can get the description of a logging server using the Google Cloud console, Google Cloud CLI or VMware Engine API by doing the following:

Console

To get the description of a configured logging server using the Google Cloud console, do the following:

  1. In the Google Cloud console, go to the Private clouds page.

    Go to Private clouds

  2. Select the Syslog tab. Logging server details are listed in the Syslog table.

gcloud

To get the description of a configured logging server using the Google Cloud CLI, use the gcloud vmware private-clouds logging-servers describe command.

gcloud vmware private-clouds logging-servers describe LOGGING_SERVER_ID \
  --project=PROJECT_ID \
  --private-cloud=PRIVATE_CLOUD_ID \
  --location=ZONE

Replace the following:

  • LOGGING_SERVER_ID: the logging server ID for this request.
  • PROJECT_ID: the project for this request.
  • PRIVATE_CLOUD_ID: the private cloud ID for this request.
  • ZONE: the zone for this request.

API

To get the description of a configured logging server using the VMware Engine API, make the following request:

     GET "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID/loggingServers/LOGGING_SERVER_ID"
  

Replace the following:

  • PROJECT_ID: the project for this request.
  • ZONE: the zone for this request.
  • PRIVATE_CLOUD_ID: the private cloud ID for this request.
  • LOGGING_SERVER_ID: the logging server ID for this request.

List logging servers

You can get a list of logging servers using the Google Cloud console, Google Cloud CLI or VMware Engine API by doing the following:

Console

To get a list of configured logging servers using the Google Cloud console, do the following:

  1. In the Google Cloud console, go to the Private clouds page.

    Go to Private clouds

  2. Select the Syslog tab. All configured logging servers are listed in the Syslog table.

gcloud

To get a list of configured logging servers using the Google Cloud CLI, use the gcloud vmware private-clouds logging-servers list command.

gcloud vmware private-clouds logging-servers list \
  --project=PROJECT_ID \
  --private-cloud=PRIVATE_CLOUD_ID \
  --location=ZONE

Replace the following:

  • PROJECT_ID: the project for this request.
  • PRIVATE_CLOUD_ID: the private cloud ID for this request.
  • ZONE: the zone for this request.

API

To get a list of configured logging servers using the VMware Engine API, make the following request:

     GET "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID/loggingServers/"
  

Replace the following:

  • PROJECT_ID: the project for this request.
  • ZONE: the zone for this request.
  • PRIVATE_CLOUD_ID: the private cloud ID for this request.
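
The following added example (not part of the original page or of Google's tooling) audits the output of the list command for gaps in log coverage: a source type with no logging server, a protocol other than the two named on this page, and a port other than 514 when ESXi forwarding is configured. It assumes the list command is run with the global `--format=json` flag and that each record carries the `hostname`, `port`, `sourceType` and `protocol` fields shown in the request body above; the sample records are constructed.

```python
import json

EXPECTED_SOURCES = {"ESXI", "VCSA"}  # source types named on this page
ALLOWED_PROTOCOLS = {"UDP", "TCP"}   # protocols named on this page
ESXI_PORT = 514                      # port the page prescribes once ESXi forwards

# Constructed sample of `logging-servers list --format=json` output (assumed shape).
SAMPLE_LIST_OUTPUT = """
[
  {"hostname": "10.0.0.5", "port": 514, "sourceType": "ESXI", "protocol": "TCP"},
  {"hostname": "10.0.0.5", "port": "5142", "sourceType": "VCSA", "protocol": "UDP"}
]
"""


def _port(server):
    """Return the port as an int, or None if it is missing or not numeric."""
    try:
        return int(server.get("port"))
    except (TypeError, ValueError):
        return None


def audit(servers):
    """Return human-readable findings for a list of logging-server records."""
    findings = []
    seen = set()
    for s in servers:
        source = str(s.get("sourceType", "")).upper()
        seen.add(source)
        if str(s.get("protocol", "")).upper() not in ALLOWED_PROTOCOLS:
            findings.append(f"{source} -> {s.get('hostname')}: unexpected protocol {s.get('protocol')!r}")
    # A source type without a logging server is not forwarded to the remote syslog server.
    for missing in sorted(EXPECTED_SOURCES - seen):
        findings.append(f"no logging server configured for source type {missing}")
    # Page guidance: when ESXi hosts forward, every source uses port 514.
    if "ESXI" in seen:
        for s in servers:
            if _port(s) != ESXI_PORT:
                source = str(s.get("sourceType", "")).upper()
                findings.append(f"{source} -> {s.get('hostname')}: port {s.get('port')}, expected {ESXI_PORT}")
    return findings


if __name__ == "__main__":
    for finding in audit(json.loads(SAMPLE_LIST_OUTPUT)):
        print(finding)
```
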

Edit a logging server

If you want to update a logging server using the Google Cloud console, Google Cloud CLI or VMware Engine API, do the following:

Console

If you want to update a configured logging server using the Google Cloud console, do the following:

  1. In the Google Cloud console, go to the Private clouds page.

    Go to Private clouds

  2. Select the Syslog tab.

  3. Click the More icon at the end of a row and select Edit.

  4. Make your update in the logging server edit window.

gcloud

To update a configured logging server using the Google Cloud CLI, use the gcloud vmware private-clouds logging-servers update command.

gcloud vmware private-clouds logging-servers update LOGGING_SERVER_ID \
  --project=PROJECT_ID \
  --hostname="HOST_NAME" \
  --port="PORT" \
  --source-type="SOURCE_TYPE" \
  --protocol="PROTOCOL" \
  --private-cloud=PRIVATE_CLOUD_ID \
  --location=ZONE

Replace the following:

  • LOGGING_SERVER_ID: the logging server ID for this request.
  • PROJECT_ID: the project for this request.
  • HOST_NAME: the IP address or fully qualified domain name for this request.
  • PORT: the port number for this request.
  • SOURCE_TYPE: the source type, either ESXi or VCSA, for this request.
  • PROTOCOL: the protocol, either UDP or TCP, for this request.
  • PRIVATE_CLOUD_ID: the private cloud ID for this request.
  • ZONE: the zone for this request.

API

To update a configured logging server using the VMware Engine API, make a PATCH request:

     PATCH "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID/loggingServers/LOGGING_SERVER_ID?updateMask=hostname,sourceType,protocol,port" -d '{
        "hostname": "HOST_NAME",
        "port": "PORT",
        "sourceType": "SOURCE_TYPE",
        "protocol": "PROTOCOL"
     }'
  

Replace the following:

  • PROJECT_ID: the project for this request.
  • ZONE: the zone for this request.
  • PRIVATE_CLOUD_ID: the private cloud ID for this request.
  • LOGGING_SERVER_ID: the logging server ID for this request.
  • HOST_NAME: the IP address or fully qualified domain name for this request.
  • PORT: the port number for this request.
  • SOURCE_TYPE: the source type, either ESXi or VCSA, for this request.
  • PROTOCOL: the protocol, either UDP or TCP, for this request.

Delete a logging server

If you want to delete a logging server using the Google Cloud console, Google Cloud CLI or VMware Engine API, do the following:

Console

If you want to delete a configured logging server using the Google Cloud console, do the following:

  1. In the Google Cloud console, go to the Private clouds page.

    Go to Private clouds

  2. Select the Syslog tab.

  3. Click the More icon at the end of a row and select Delete.

gcloud

To delete a configured logging server using the Google Cloud CLI, use the gcloud vmware private-clouds logging-servers delete command.

gcloud vmware private-clouds logging-servers delete LOGGING_SERVER_ID \
  --project=PROJECT_ID \
  --private-cloud=PRIVATE_CLOUD_ID \
  --location=ZONE

Replace the following:

  • LOGGING_SERVER_ID: the logging server ID for this request.
  • PROJECT_ID: the project for this request.
  • PRIVATE_CLOUD_ID: the private cloud ID for this request.
  • ZONE: the zone for this request.

API

To delete a configured logging server using the VMware Engine API, make a DELETE request:

     DELETE "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID/loggingServers/LOGGING_SERVER_ID"

Replace the following:

  • PROJECT_ID: the project for this request.
  • ZONE: the zone for this request.
  • PRIVATE_CLOUD_ID: the private cloud ID for this request.
  • LOGGING_SERVER_ID: the logging server ID for this request.