Wednesday, 30 September 2015

Installing Syslog Collector & Configuring Centralized Logging on ESXi Hosts

Starting with vCenter 5.0, VMware introduced the vSphere Syslog Collector tool. It lets admins centralize their ESXi system logs in one place, since by default these logs sit locally on the hypervisor's system partition or on a datastore. You could use third-party tools to manage all the log information, but those tools cost extra money, and VMware vSphere Syslog Collector works just great for a small to medium environment.
Since VMware vSphere Syslog Collector is part of the vCenter media, all you have to do is mount the ISO, click the vSphere Syslog Collector menu, then hit Install.

Question:- After setting up the remote syslog collector, I see only one type of log file, syslog.log, for all ESXi hosts. What logs does it hold? Generally, if we are checking the logs locally on an ESXi host, we look for hostd.log, vmkernel.log, vmkwarning.log and so on.
So where are all these logs in the syslog.log which is coming in remotely?

Answer:- It is combining your logs into the syslog.log file you are looking at for each host. I can confirm from a quick look at mine:

vobd

vpxa

vmkernel

hostd

fdm

vmkwarning

rhttpproxy

snmpd

hostd-probe





Select Language

Now click on Next


Now select "I accept the terms" and click on Next


Select the log file size before rotation and number of logs to keep as per your requirement


Select standalone installation


Configure the port numbers, or keep the default port numbers


Provide the syslog collector identification information


Click on install to start the installation


Click on finish button


Run this command to check the current syslog configuration on the ESXi host


You can get more granular details on the different logs by running:


To set the remote host to log to you can run:


It’s possible to set multiple remote logging servers and you can specify the protocol to be used by running, for example:

esxcli system syslog config set --loghost vc01.vmlab.loc,tcp://10.10.10.1:514,ssl://10.10.10.2:1514
After making changes, it is recommended that you reload the syslog daemon:


If you have set up your hosts to log to a remote syslog collector but the logs aren't showing up, then you should check your host's firewall configuration to ensure that the syslog ports are open:


You could also set this using esxcli by running:


To test your syslog configuration you can ‘mark’ all logs with a custom message by running:


Then move to the syslog server, open this file, and search for the test message:
c:\programdata\vmware\vmware syslog collector\data\<your ESXi host IP address folder>\syslog.log
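
The host-side steps above, collected into one script for the ESXi shell. This is an added example, not part of the original post: the function names `loghost_ok` and `configure_remote_syslog` and the test message are assumptions, and the validation is this example's own rule (it requires an explicit port after a protocol prefix), not something esxcli enforces.

```shell
#!/bin/sh
# Added example for the ESXi shell (POSIX sh); function names are illustrative.
# Sample loghost list from the post. ssl:// entries go over TLS; tcp:// and
# udp:// entries are sent in cleartext.
LOGHOST='vc01.vmlab.loc,tcp://10.10.10.1:514,ssl://10.10.10.2:1514'
MARK='remote-syslog-test'   # constructed test message

# loghost_ok LIST: succeed only if every comma-separated entry is a bare host
# name/IPv4 address, or udp://, tcp:// or ssl:// followed by host:port.
# Assumption of this example: a protocol prefix must carry an explicit port.
loghost_ok() {
    [ -n "$1" ] || return 1
    rc=0; old_ifs=$IFS; IFS=,
    set -f                                  # no globbing while splitting
    for entry in $1; do
        case $entry in
            udp://*|tcp://*|ssl://*)
                hostport=${entry#*://}
                host=${hostport%:*}; port=${hostport##*:}
                case $hostport in *:*) ;; *) rc=1 ;; esac
                case $port in ''|*[!0-9]*) rc=1 ;; esac
                [ -n "$host" ] || rc=1 ;;
            ''|*://*|*[!A-Za-z0-9.-]*) rc=1 ;;  # empty, other scheme, odd chars
            *) ;;                               # bare host
        esac
    done
    set +f; IFS=$old_ifs
    return $rc
}

configure_remote_syslog() {
    loghost_ok "$1" || { echo "invalid loghost list: $1" >&2; return 1; }
    esxcli system syslog config get &&                  # current configuration
    esxcli system syslog config logger list &&          # per-log settings
    esxcli system syslog config set --loghost="$1" &&   # remote target(s)
    esxcli system syslog reload &&                      # apply the change
    esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true &&
    esxcli network firewall refresh &&
    esxcli system syslog mark --message="$2"            # marker to search for
}

# Only act where esxcli exists, i.e. on an ESXi host.
if command -v esxcli >/dev/null 2>&1; then
    configure_remote_syslog "$LOGHOST" "$MARK"
fi
```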