Following this post on installing and configuring the VMware syslog collector, this post will be about how to configure ESXi hosts to use it. One of the ways to configure syslog on your hosts is to use esxcli.
Configuring ESXi Syslog Settings using esxcli
After establishing a connection to the host, the first thing to do is to check the current configuration:
~ # esxcli system syslog config get Local Log Output: Local Logging Default Rotation Size: 1024 Local Logging Default Rotations: 8 Log To Unique Subdirectory: false Remote Host: vc01.vmlab.loc
In this example we can see that the ‘Remote Host: vc01.vmlab.loc‘ indicates that this host is logging to the syslog collector installed on the vCenter server (vc01.vmlab.loc). Looking in the syslog collectors data folder on the vCenter we can see a syslog file for the host:
You can get more granular details on the different logs by running:
~ # esxcli system syslog config logger list Description: Default syslog catch-all Destination: syslog.log ID: syslog Rotation Size: 1024 Rotations: 8 Description: VMware AMQP daemon log Destination: vmamqpd.log ID: vmamqpd Rotation Size: 1024 Rotations: 8
To set the remote host to log to you can run:
esxcli system syslog config set --loghost vc01.vmlab.loc
It’s possible to set multiple remote logging servers and you can specify the protocol to be used by running, for example:
esxcli system syslog config set –loghost vc01.vmlab.loc,tcp://10.10.10.1:514,ssl://10.10.10.2:1514
The other configuration options available include:
~ # esxcli system syslog config set --help
Usage: esxcli system syslog config set [cmd options]
Description:
set Set global log configuration options
Cmd options:
--default-rotate=
Default number of rotated local logs to keep
--default-size= Default size of local logs before rotation, in KiB
--logdir= The directory to output local logs to
--logdir-unique Place logs in a unique subdirectory of logdir, based on hostname
--loghost= The remote host(s) to send logs to
--reset= Reset values to default
After making changes, it is recommended that you reload the syslog daemon:
# esxcli system syslog reload
If you have set up your hosts to log to a remote syslog collector but the logs aren’t showing up, then you should check your hosts firewall configuration to ensure that the syslog ports are open:
You could also set this using esxcli by running:
esxcli network firewall ruleset set -r syslog -e true
Configure ESXi Syslog Settings using the vSphere Client
You can configure syslog in the vSphere client by accessing the host’s advanced settings, and selecting ‘syslog’:
You can also configure these advanced settings using vMA or vCLI. For example, to get the value of the remote host to which the ESXi host is logging you could run:
vi-admin@uk202018:~[esxi1.vmlab.loc]> vicfg-advcfg -g Syslog.global.logHost Value of Syslog.global.logHost is vc01.vmlab.loc
To change the value you could run:
vi-admin@uk202018:~[esxi1.vmlab.loc]> vicfg-advcfg -s vc01.vmlab.loc Syslog.global.logHost Value of Syslog.global.logHost is vc01.vmlab.loc
Configure Syslog on ESXi using PowerCLI
You can also configure syslog settings using PowerCLI:
get-vmhost| Set-VMHostAdvancedConfiguration -NameValue @{'Config.HostAgent.log.level'='info';'Vpx.Vpxa.config.log.level'='info';'Syslog.global.logHost'='udp://vc01.vmlab.loc:514'}
And to make the necessary host firewall change:
get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq 'syslog'} | Set-VMHostFirewallException -Enabled:$true
Testing ESXi Syslog Configuration
To test your syslog configuration you can ‘mark’ all logs with a custom message by running:
~ # esxcli system syslog mark --message "Syslog Test Message"