Configure Centralized Logging on ESXi Hosts

by admin

Following this post on installing and configuring the VMware syslog collector, this post will be about how to configure ESXi hosts to use it. One of the ways to configure syslog on your hosts is to use esxcli.

Configuring ESXi Syslog Settings using esxcli

After establishing a connection to the host, the first thing to do is to check the current configuration:

~ # esxcli system syslog config get
   Local Log Output: 
   Local Logging Default Rotation Size: 1024
   Local Logging Default Rotations: 8
   Log To Unique Subdirectory: false
   Remote Host: vc01.vmlab.loc

In this example we can see that the ‘Remote Host: vc01.vmlab.loc‘ indicates that this host is logging to the syslog collector installed on the vCenter server (vc01.vmlab.loc). Looking in the syslog collectors data folder on the vCenter we can see a syslog file for the host:


You can get more granular details on the different logs by running:

~ # esxcli system syslog config logger list
   Description: Default syslog catch-all
   Destination: syslog.log
   ID: syslog
   Rotation Size: 1024
   Rotations: 8

   Description: VMware AMQP daemon log
   Destination: vmamqpd.log
   ID: vmamqpd
   Rotation Size: 1024
   Rotations: 8

To set the remote host to log to you can run:

esxcli system syslog config set --loghost vc01.vmlab.loc

It’s possible to set multiple remote logging servers and you can specify the protocol to be used by running, for example:

esxcli system syslog config set –loghost vc01.vmlab.loc,tcp://,ssl://

The other configuration options available include:

~ # esxcli system syslog config set --help
Usage: esxcli system syslog config set [cmd options]

  set                   Set global log configuration options

Cmd options:
                        Default number of rotated local logs to keep
  --default-size= Default size of local logs before rotation, in KiB
  --logdir=        The directory to output local logs to
  --logdir-unique       Place logs in a unique subdirectory of logdir, based on hostname
  --loghost=       The remote host(s) to send logs to
  --reset=         Reset values to default

After making changes, it is recommended that you reload the syslog daemon:

# esxcli system syslog reload

If you have set up your hosts to log to a remote syslog collector but the logs aren’t showing up, then you should check your hosts firewall configuration to ensure that the syslog ports are open:
You could also set this using esxcli by running:

esxcli network firewall ruleset set -r syslog -e true

Configure ESXi Syslog Settings using the vSphere Client

You can configure syslog in the vSphere client by accessing the host’s advanced settings, and selecting ‘syslog’:

You can also configure these advanced settings using vMA or vCLI. For example, to get the value of the remote host to which the ESXi host is logging you could run:

vi-admin@uk202018:~[esxi1.vmlab.loc]> vicfg-advcfg -g
Value of is vc01.vmlab.loc

To change the value you could run:

vi-admin@uk202018:~[esxi1.vmlab.loc]> vicfg-advcfg -s vc01.vmlab.loc
Value of is vc01.vmlab.loc

Configure Syslog on ESXi using PowerCLI

You can also configure syslog settings using PowerCLI:

get-vmhost| Set-VMHostAdvancedConfiguration -NameValue @{'Config.HostAgent.log.level'='info';'Vpx.Vpxa.config.log.level'='info';''='udp://vc01.vmlab.loc:514'}

And to make the necessary host firewall change:

get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq 'syslog'} | Set-VMHostFirewallException -Enabled:$true

Testing ESXi Syslog Configuration

To test your syslog configuration you can ‘mark’ all logs with a custom message by running:

~ # esxcli system syslog mark --message "Syslog Test Message"

Keep up to date with new posts on - Follow us on Twitter:
Be Sociable, Share!

Comments on this entry are closed.

Previous post:

Next post: