Recently I deployed syslog server in my vCloud Lab and was looking for a way to send Edge gateway logs to my syslog server. This post in focused on how to configure edge gateway syslog settings. 

VMware vCloud® Air supports the ability for customers to collect information about traffic coming to and from their edge gateway through the use of a syslog server. By configuring edge gateway to transfer log data to your syslog server, you can then set up alerts or notifications and build reports with your preferred tools.

If you do not have ANS subscription in vCloud Air then the only way to configure syslog settings on the Edge gateway is via vCloud API. There is no option available in GUI when you open edge gateway properties from within vCloud Director interface.

When it comes to using Rest API we have variety of choice to use as Rest Client. Some of the common clients include curl, Postman,Mozilla rest Client etc.

I personally prefers curl and postman and in this post I will demonstrate the curl option.

Requirements to Configure Syslog on Edge Gateway:

1: A REST client.

2: vCloud Air credentials.

3: vCloud Air Endpoint/Org name.

4: Configured syslog server and IP address.

Obtaining vCloud Air Endpoint/Org name

You can obtain the endpoint details by logging into vCloud Air portal and navigating to your Org/vDC.

Obtaining vCloud Air supported API versions

List of supported API versions that can be used with vCloud Air can be obtained by firing below command. 

# curl -sik -H “Accept:application/*+xml;version=5.6” -u “mjha@vmware.com” -X GET https://au-south-1-15.vchs.vmware.com/api/versions

You will get a long list of versions as output. Select any one of the version. Also make a note of the login URL. 

<VersionInfo>
 <Version>9.0</Version>
 <LoginUrl>https://au-south-1-15.vchs.vmware.com/api/compute/api/sessions</LoginUrl>
</VersionInfo>

Obtaining Auth Code for vCloud API Login

You need 4 things for generating Auth code for API login

A: Login URL (copy from previous output)

B: API Version: (copy from previous output)

C: Customer Header: Accept:application/*+xml;version=9.0

D: vCloud Air Credentials in format: username@domain-name@org-name

When you have all the 4 info handy, fire below API query to obtain Auth code

# curl -sik -H “Accept:application/*+xml;version=9.0” -u “mjha@vmware.com@bdd75fd4-a319-47d5-b4f2-77aad691488f” -X GET https://au-south-1-15.vchs.vmware.com/api/compute/api/sessions | grep auth

Enter host password for user ‘mjha@vmware.com@bdd75fd4-a319-47d5-b4f2-77aad691488f’:

x-vcloud-authorization: 1e95dc1064aa4083ae79bb617221853e

Now use following API queries in sequence

Find Org Href

# curl -sik -H “Accept:application/*+xml;version=5.6” -H “x-vcloud-authorization:1e95dc1064aa4083ae79bb617221853e” -X GET https://au-south-1-15.vchs.vmware.com/api/org/ | grep bdd75fd4-a319-47d5-b4f2-77aad691488f    

Note: bdd75fd4-a319-47d5-b4f2-77aad691488f is my org name

<Org href="https://au-south-1-15.vchs.vmware.com/api/compute/api/org/4f5feba5-bb82-456e-8898-95d4970f2624" name="bdd75fd4-a319-47d5-b4f2-77aad691488f" >

Find vDC Href

# curl -sik -H “Accept:application/*+xml;version=5.6” -H “x-vcloud-authorization:1e95dc1064aa4083ae79bb617221853e” -X GET https://au-south-1-15.vchs.vmware.com/api/compute/api/org/4f5feba5-bb82-456e-8898-95d4970f2624 | grep vdc

<href="https://au-south-1-15.vchs.vmware.com/api/compute/api/vdc/e89232de-3507-4b66-98d7-8ec25e99c826" name="Manish-VCAP-LAB" >
 

Find Edge Gateway Href

# curl -sik -H “Accept:application/*+xml;version=5.6” -H “x-vcloud-authorization:1e95dc1064aa4083ae79bb617221853e” -X GET https://au-south-1-15.vchs.vmware.com/api/compute/api/vdc/e89232de-3507-4b66-98d7-8ec25e99c826 | grep edge

<href="https://au-south-1-15.vchs.vmware.com/api/compute/api/admin/vdc/e89232de-3507-4b66-98d7-8ec25e99c826/edgeGateways" >

Find Edge Gateway UUID

# curl -sik -H “Accept:application/*+xml;version=5.6” -H “x-vcloud-authorization:1e95dc1064aa4083ae79bb617221853e” -X GET https://au-south-1-15.vchs.vmware.com/api/compute/api/admin/vdc/e89232de-3507-4b66-98d7-8ec25e99c826/edgeGateways | grep EdgeGatewayRecord

< href="https://au-south-1-15.vchs.vmware.com/api/compute/api/admin/edgeGateway/199fd7be-49fc-4cfb-862e-cb85e9cc4f6c" >

Once you obtain the edge UUID we need to update the edge by supplying a custom xml file which will enable the syslog settings. 

First create an xml file with below content

# cat syslog.xml

<?xml version="1.0" encoding="UTF-8"?> 
<SyslogServerSettings xmlns="http://www.vmware.com/vcloud/v1.5">
<TenantSyslogServerSettings> 
<SyslogServerIp>192.168.109.9</SyslogServerIp> 
</TenantSyslogServerSettings> 
</SyslogServerSettings>

Now execute below API call to configure the syslog settings. Append /action/configureSyslogServerSettings to the edge gateway uuid href which we obtained in previous step

# curl -sik -H “Accept:application/*+xml;version=5.6” -H “Content-Type:application/*+xml” -H “x-vcloud-authorization:1e95dc1064aa4083ae79bb617221853e” -X POST https://au-south-1-15.vchs.vmware.com/api/compute/api/admin/edgeGateway/199fd7be-49fc-4cfb-862e-cb85e9cc4f6c/action/configureSyslogServerSettings -d @syslog.xml

You should see a Http 202  Accepted in output and the task details

HTTP/1.1 202 Accepted
Date: Sun, 06 Aug 2017 06:28:55 GMT

<Task xmlns="http://www.vmware.com/vcloud/v1.5" cancelRequested="false" expiryTime="2017-08-13T06:28:55.775Z" operation="NETWORK_CONFIGURE_GATEWAY_SYSLOGSERVER_SETTINGS EdgeGateway (199fd7be-49fc-4cfb-862e-cb85e9cc4f6c)" operationName="networkConfigureEdgeGatewaySyslogServerSettings" serviceNamespace="com.vmware.vcloud" startTime="2017-08-06T06:28:55.775Z" status="queued" name="task" id="urn:vcloud:task:ef975e97-c9d6-460f-8ff0-365e4e5d1401" href="https://au-south-1-15.vchs.vmware.com/api/compute/api/task/ef975e97-c9d6-460f-8ff0-365e4e5d1401" type="application/vnd.vmware.vcloud.task+xml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://au-south-1-15.vchs.vmware.com/api/compute/api/v1.5/schema/master.xsd">

 <User href="https://au-south-1-15.vchs.vmware.com/api/compute/api/admin/user/6c442711-cd6e-4aba-8c32-1f963faf3b33" name="mjha@vmware.com" type="application/vnd.vmware.admin.user+xml"/>

 <Organization href="https://au-south-1-15.vchs.vmware.com/api/compute/api/org/4f5feba5-bb82-456e-8898-95d4970f2624" name="bdd75fd4-a319-47d5-b4f2-77aad691488f" type="application/vnd.vmware.vcloud.org+xml"/>
 <Details/>
</Task>

Open the edge gateway properties again and verify syslog server IP is now present.

On my syslog server I can see log files getting populated

[root@syslogsrv vse-40b96734-3311-48ea-9b91-a34cf2efc0bc-0]# ls
config.log firewall.log monit.log syslog-ng.log

Also in /var/log/messages I can see log entries from edge gateway

Aug 6 08:01:04 vse-40b96734-3311-48ea-9b91-a34cf2efc0bc-0 firewall[]: [4f5feba5-bb82-456e-8898-95d4970f2624]: ACCEPT_4IN= OUT=vNic_1 SRC=91.108.183.59 DST=192.168.109.2 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=28163 DF PROTO=TCP SPT=52527 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 6 08:01:10 vse-40b96734-3311-48ea-9b91-a34cf2efc0bc-0 firewall[]: [4f5feba5-bb82-456e-8898-95d4970f2624]: ACCEPT_4IN= OUT=vNic_1 SRC=218.38.56.94 DST=192.168.109.2 LEN=52 TOS=0x02 PREC=0x00 TTL=106 ID=26042 DF PROTO=TCP SPT=58010 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Aug 6 08:01:12 vse-40b96734-3311-48ea-9b91-a34cf2efc0bc-0 firewall[]: [4f5feba5-bb82-456e-8898-95d4970f2624]: ACCEPT_4IN= OUT=vNic_1 SRC=118.101.56.13 DST=192.168.109.2 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=14253 DF PROTO=TCP SPT=62863 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable 🙂

Additional Sources

Configure Syslog Settings on vCloud Air Edge Gateway

KB-2054827

Leave a reply