For many NSX components you can easily configure a syslog server, such as vRealize Log Insight. This however is not simple and straightforward for the NSX Controller Nodes. For those components this setting has to be configured via the NSX API via HTTP REST. In this article I explain how to use vRealize Orchestrator to accomplish this task.
The syntax and procedure are described in two locations:
On-line Documentation: Configuring a Syslog Server for NSX Controller
Knowledge Base Article: Configuring syslog server for VMware NSX for vSphere 6.x controllers (2092228)
To use the HTTP Rest API to do this you can use several HTTP Rest Clients, such as the ones that come with Chrome or Firefox. But why not use vRealize Orchestrator, the tool all customers entitled to vCenter are entitled to use free of charge?
If you have never worked with vRealize Orchestrator then download and deploy the appliance and follow my guidelines in this article: Create Your First vRealize Orchestrator Workflow
Step 1: Add a Rest Host to your Inventory
You start with configuring a Rest Host in the inventory of vRealize Orchestrator that can later be used to send the HTTP Rest POST request to. This HTTP Rest Host must point to your NSX Manager instance. In the vRealze Orchestrator Library of workflows find the workflow named Add a REST Host and execute the workflow. Provide a name for this rest host, it does not have to match the FQDN for the host but it does make it easier to find the right host later in your inventory. For the URL field provide the https prefix and the FQDN for your NSX Manager instance.
In the next part of the wizard select basic authentication and provide the credentials of the admin user of NSX Manager.
Step 2: Add a Rest Operation
Next you must create an inventory object that refers to a Rest Host with the details of the operation to execute, in this case adding a syslog server to a controller. The URL to use is:
https://<nsxmgr-ip>/api/2.0/vdn/controller/{controller-id}/syslog
As you can see in the next image I have replaced the controller-id from the example above (with the brackets) to match my actual controller's id.
To find the controller's ID access the vSphere Web Client Networkign and Security plugin, browse to the Installation menu-option and look at the controllers in your environment. In this example here the ID of my controller is: controller-2.
Step 3: Invoke the Rest Operation
When I was in the process of finding out how to execute the HTTP POST operation with the right parameters I found it the most practical approach to create a new workflow and add the workflow item to that workflow named Invoke a Rest Operation.
Next run this workflow and provide the paramters.
The content to send with the POST request is: (from the KB)
<controllerSyslogServer>
<syslogServer>10.135.14.236</syslogServer>
<port>514</port>
<protocol>UDP</protocol>
<level>INFO</level>
</controllerSyslogServer>
To verify if your NSX Controller is actively sending log entries to your vRealize Log Insight server access the Interactive Analytics page of your server and search for nsx-controller.