The other day at a customer I noticed that after we had upgraded the NSX environment (NSX Manager and NSX Controllers) from 6.2.4 to 6.3.4 the syslog configured on the NSX Controllers was lost and not retained after the upgrade.
One reason for this I suspect is that with version 6.3 and up on NSX the OS have changed to Photon OS. Thus the requirement to redeploy, delete the old NSX Controllers and create new ones based on the new OS.

Vmware says that the only supported method on configuring the syslog server on the NSX controllers is through the NSX API. One would believe that when you upgrade NSX Controllers that NSX Manager during redeployment of the NSX Controllers would push the old configuration of the old NSX Controllers via API over to the new NSX Controllers automatically.

I cannot myself find any related documentation from VMware regarding this. So I wanted to write a post to remind you to POST new syslog configuration for the NSX Controllers once the upgrade is completed.

Here is how it looks like on the NSX Controller after the upgrade:

Before you start the upgrade of the Controllers be sure to save the current syslog configuration from NSX Controllers so that it is easy to add that information back in the newly deployed NSX Controllers.

This is done by issuing a GET command and finding all the NSX Controller ID names against the NSX Manager:
GET https://nsx-mgr/api/2.0/vdn/controller

Then we fetch the syslog information from the NSX Controllers in this example controller-5 with:
GET https://nsx-mgr/api/2.0/vdn/controller/controller-5

We store this info in a place to remember 😉

Next we upgrade our NSX Manager and NSX Controllers as described in the Vmware Docs.

Next Step after the components are upgraded and everything looks to be OK in the GUI, we go ahead and POST back our Syslog configuration to the new NSX Controllers. Make sure to run the GET controllers again to find the new controller-id names for the new deployed machines since they have changed after the redeployment.

We do a POST against NSX Manager with the following and repeat for all NSX Controllers:
POST https://nsx-mgr/api/2.0/vdn/controller/controller-9/syslog
HEADER: Content-Type: application/xml
BODY:

Now head over to the Syslog receving server, vRealize Loginsight is what I use, and check that the logs are once again beeing recieved from the Controllers.

Happy NSX-ing,  X-Mas and New Year….