Virtual Geek

Tales from real IT system administrators world and non-production environment

Configure syslog on VMware ESXi hosts: VMware best practices

October 30, 2017 01:59PM

Syslog is a way for VMware vSphere ESXi servers and other network devices to send event messages to a logging server, usually known as a syslog server (vSphere has an inbuilt tool called the VMware Syslog Collector). The syslog protocol is supported by a wide range of devices and can be used to log different types of events. Logs are collected and stored centrally, so they can easily be backed up, viewed, retrieved and processed. Syslog is a great way to consolidate logs from multiple sources into a single location.

[Screenshot: VMware vSphere Syslog Collector gathering ESXi event messages centrally for the administrator]

Configuring a syslog server on ESXi servers is a best practice, so that all logs are forwarded to a central location for troubleshooting. Select the ESXi host, navigate to the Configure tab and, under Advanced System Settings, click Edit. Search for the keyword syslog to list all the log-related settings, then modify Syslog.global.logHost and add your syslog server information in one of the formats below. If you want to send ESXi logs to multiple remote syslog collectors, multiple servers are supported and must be separated with a comma (,). 514 is the default port number for syslog and can be changed on the remote syslog server; 1514 is used for SSL.

  • udp://syslogServer:514
  • tcp://syslogServer:514
  • ssl://syslogServer:1514
  • syslogserverIp_or_FQDN
  • udp://syslogServer:514, syslogserverIp_or_FQDN, ssl://syslogServer:1514

vSphere PowerCLI - Configure syslog on VMware ESXi hosts and Enable security profile firewall

[Screenshot: vSphere Web Client, ESXi Advanced System Settings, editing Syslog.global.logHost]

The next step is to open the firewall port on the ESXi server. Select the ESXi host, navigate to the Configure tab and, under Security Profile, click Edit in the Firewall section. In the list, enable syslog by ticking its checkbox, then click OK.

[Screenshot: vSphere Web Client, ESXi Security Profile firewall edit dialog with the syslog rule enabled (port 514, connections allowed from any IP address)]

If you don't see any logs being collected, check the connectivity between the ESXi host and the syslog server, and check port reachability using the nc tool (telnet). If you are using UDP to gather logs, telnet will not report anything and will fail; instead you can use the Windows port query tool (PortQry) from Microsoft to check whether the port is listening. I am using the open-source SexiLog appliance to gather logs, and I can see syslogs are getting collected.

[Screenshot: syslog collector showing logs collected centrally from ESXi over port 514]
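The same steps (set the log host, enable the syslog firewall rule, check reachability) can be run from the ESXi shell. This is an added example, not part of the original post; it assumes shell access to the host, and the function names are hypothetical helpers written for this illustration.

```shell
# Added example (not from the original post): validate a Syslog.global.logHost
# value in the formats listed above, then apply it with esxcli.
# check_loghost ENTRY: succeed if ENTRY is udp://, tcp:// or ssl:// followed by
# host[:port], or a bare IPv4 address/FQDN. IPv6 literals are not handled here.
check_loghost() {
    entry=$1
    case $entry in
        udp://*|tcp://*|ssl://*) rest=${entry#*://} ;;
        *://*) return 1 ;;                      # unsupported scheme
        *) rest=$entry ;;
    esac
    case $rest in
        *:*) host=${rest%%:*}; port=${rest#*:}
             case $port in ''|*[!0-9]*) return 1 ;; esac
             [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1 ;;
        *)   host=$rest ;;
    esac
    case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# check_loghosts LIST: validate every comma-separated entry (spaces ignored).
check_loghosts() {
    list=$(printf '%s' "$1" | tr -d ' ')
    [ -n "$list" ] || return 1
    old_ifs=$IFS; IFS=,; set -f
    set -- $list                                # split on commas only
    set +f; IFS=$old_ifs
    for e in "$@"; do
        check_loghost "$e" || return 1
    done
}

# apply_syslog LIST: set the log hosts, reload syslog, open the firewall ruleset.
apply_syslog() {
    hosts=$(printf '%s' "$1" | tr -d ' ')
    check_loghosts "$hosts" || { echo "invalid logHost value: $1" >&2; return 1; }
    esxcli system syslog config set --loghost="$hosts"
    esxcli system syslog reload
    esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
    esxcli network firewall refresh
    esxcli system syslog config get             # show what the host now uses
}

# probe_tcp HOST PORT: nc check for tcp:// and ssl:// targets; UDP will not answer it.
probe_tcp() { nc -z "$1" "$2"; }

# Run only when given a value on a host that has esxcli (an ESXi shell).
if [ $# -ge 1 ] && command -v esxcli >/dev/null 2>&1; then
    apply_syslog "$1"
fi
```

Saved as a script on the host, it takes the log host list as its single argument, in the same comma-separated form used for Syslog.global.logHost.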
