Configure Centralized Logging on ESXi Hosts

by admin

Following this post on installing and configuring the VMware syslog collector, this post will be about how to configure ESXi hosts to use it. One of the ways to configure syslog on your hosts is to use esxcli.

Configuring ESXi Syslog Settings using esxcli

After establishing a connection to the host, the first thing to do is to check the current configuration:

~ # esxcli system syslog config get
   Local Log Output: 
   Local Logging Default Rotation Size: 1024
   Local Logging Default Rotations: 8
   Log To Unique Subdirectory: false
   Remote Host: vc01.vmlab.loc

In this example we can see that the ‘Remote Host: vc01.vmlab.loc‘ indicates that this host is logging to the syslog collector installed on the vCenter server (vc01.vmlab.loc). Looking in the syslog collectors data folder on the vCenter we can see a syslog file for the host:

syslog_file

You can get more granular details on the different logs by running:

~ # esxcli system syslog config logger list
   Description: Default syslog catch-all
   Destination: syslog.log
   ID: syslog
   Rotation Size: 1024
   Rotations: 8

   Description: VMware AMQP daemon log
   Destination: vmamqpd.log
   ID: vmamqpd
   Rotation Size: 1024
   Rotations: 8

To set the remote host to log to you can run:

esxcli system syslog config set --loghost vc01.vmlab.loc

It’s possible to set multiple remote logging servers and you can specify the protocol to be used by running, for example:

esxcli system syslog config set –loghost vc01.vmlab.loc,tcp://10.10.10.1:514,ssl://10.10.10.2:1514

The other configuration options available include:

~ # esxcli system syslog config set --help
Usage: esxcli system syslog config set [cmd options]

Description:
  set                   Set global log configuration options

Cmd options:
  --default-rotate=
                        Default number of rotated local logs to keep
  --default-size= Default size of local logs before rotation, in KiB
  --logdir=        The directory to output local logs to
  --logdir-unique       Place logs in a unique subdirectory of logdir, based on hostname
  --loghost=       The remote host(s) to send logs to
  --reset=         Reset values to default

After making changes, it is recommended that you reload the syslog daemon:

# esxcli system syslog reload

If you have set up your hosts to log to a remote syslog collector but the logs aren’t showing up, then you should check your hosts firewall configuration to ensure that the syslog ports are open:
syslog_esxi_firewall
You could also set this using esxcli by running:

esxcli network firewall ruleset set -r syslog -e true

Configure ESXi Syslog Settings using the vSphere Client

You can configure syslog in the vSphere client by accessing the host’s advanced settings, and selecting ‘syslog’:
syslog2

You can also configure these advanced settings using vMA or vCLI. For example, to get the value of the remote host to which the ESXi host is logging you could run:

vi-admin@uk202018:~[esxi1.vmlab.loc]> vicfg-advcfg -g Syslog.global.logHost
Value of Syslog.global.logHost is vc01.vmlab.loc

To change the value you could run:

vi-admin@uk202018:~[esxi1.vmlab.loc]> vicfg-advcfg -s vc01.vmlab.loc Syslog.global.logHost
Value of Syslog.global.logHost is vc01.vmlab.loc

Configure Syslog on ESXi using PowerCLI

You can also configure syslog settings using PowerCLI:

get-vmhost| Set-VMHostAdvancedConfiguration -NameValue @{'Config.HostAgent.log.level'='info';'Vpx.Vpxa.config.log.level'='info';'Syslog.global.logHost'='udp://vc01.vmlab.loc:514'}

And to make the necessary host firewall change:

get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq 'syslog'} | Set-VMHostFirewallException -Enabled:$true

Testing ESXi Syslog Configuration

To test your syslog configuration you can ‘mark’ all logs with a custom message by running:

~ # esxcli system syslog mark --message "Syslog Test Message"

Keep up to date with new posts on Buildvirtual.net - Follow us on Twitter:
Be Sociable, Share!

Comments on this entry are closed.

Previous post:

Next post: