Skip to main content
  1. Posts/

ESXi 5.0 and Remote syslog

·390 words·2 mins· loading · loading · ·
Howto ESXi VMA

So I have started laying out the beginnings of the new vSphere 5 infrastructure at my work.  Got a couple of hosts laid out, vCenter built up, and dotting my i’s.  The particular piece I was working on just a few moments ago was remote syslog for the ESXi hosts.

We all know that with the release of vMA 5 that vi-logger was removed from the distribution…why I am not sure…but it was.  This doesn’t mean that you can’t still use the vMA for logging.  In comes good ol’ syslog-ng which is standard in the distribution.  The configuration was done with some tips from VirtuallyGhetto so I won’t go into the details of that portion as to not recreate the wheel.

Onwards!!!

In order to configure an ESXi host for remote logging we can do this from either the GUI or from the vMA using esxcli when connected to each host.  In the GUI, you will find the settings in Host Configuration->Advanced Settings->Syslog.  The information that is immediately pertinent is the Syslog.global.logHost.  When adding something to this field you need to follow the following format: protocol://RemoteSyslogServer:port.

When configuring this from the vMA using esxcli, just connect to your target and run:

esxcli system syslog config set --loghost=protocol://RemoteSyslogServer:port

This will configure the target host with your remote syslog server information.  In immediate thought you would think this would get it to start working…nope…we aren’t done yet.  After you configure the remote syslog server information you will need to open the outbound ports on your ESXi hosts’ firewalls.  This can be done through Host Configuration->Security Profile->Firewall Properties.  Just enable the syslog outbound connections and this portion is all set.  Finished…NOPE!  PSYCH!

Another step that is required before logging actually starts to work is to reload the syslog service on your target hosts.  You can do this from the vMA by connecting to your target hosts and running:  esxcli system syslog reload

Finally, you can sit back and relax while your hosts start to log to your vMA host.  Enjoy!

Here are some references you can look to for guidance:

If you have any questions or comments then please feel free to sound off in the comments!

James Bowling
Author
James Bowling
Principal Cloud Engineer @ Global Oil/Gas Drilling Company

Related

ESXi 5.0 and APC SmartUPS 1000
·1057 words·5 mins· loading · loading
Howto Scripts Tools ESXi VCLI VMA
Enabling Local/Remote Tech Support Mode in ESXi 4.1
·281 words·2 mins· loading · loading
Howto ESXi TSM
ESXi 4.1 Patches Applied...VMware Tools disappear!
·292 words·2 mins· loading · loading
Howto ESXi Upgrades