In my earlier article I wrote about Configure syslog on VMware ESXi hosts: VMware best practices using VMWare vSphere web client GUI. Configuring syslog server on multiple esxi host servers manually by clicks is very boring task, As automation is everywhere, use it to doing with better way in VMWare Powercli. for more on Powercli check my below articles
VMWARE VSPHERE POWERCLI INSTALLATION AND CONFIGURATION STEP BY STEP
POWERCLI INITIALIZE-POWERCLIENVIRONMENT.PS1 CANNOT BE LOADED BECAUSE RUNNING SCRIPTS IS DISABLED
Once logged into vCenter server using PowerCLI, Try below command to view existing information for syslog server on Esxi. Get-VMHostSysLogServer -VMHost esxi001.vcloud-lab.com, if you have multiple servers comma separate and use like Get-VMHost Esxi001, Esxi002 | Get-VMHostSysLogServer to get information in bulk. As in below screenshot I can see esxi001 has syslog information configuration. and server esxi002 doesn't.
Next to configure and modify setting use Set-VMHostSysLogServer -VMHost Esxi002.vcloud-lab.com -SysLogServer 'udp://192.168.34.15:514', Again if you have multiple server use the same technique to setup as shown above Get-VMHost Esxi001, Esxi002 | Set-VMHostSysLogServer -SysLogServer 'udp://192.168.34.15:514'.
For more on syslog port number and how to use them differently check Configure syslog on VMware ESXi hosts: VMware best practices.
Next enable esxi security profile firewall. To get the details about syslog firewall status use Get-VMhostFireWallException -VMhost esxi001.vcloud-lab.com -Name syslog. To know firewall information of multiple server, input name separated by comma (,). Check for the Status of Enabled, it should be true. To change it to true use Get-VMHostFireWallException -VMHost esxi002.vcloud-lab.com -Name Syslog | Set-VMHostFirewallException -Enabled:$True.
There is tip in the last if you want to remove syslog server and make it null use below one liner cmdlet.
Set-VMHostSysLogServer -SysLogServer $null -VMHost Host
Another tip is syslog configuration can also be changed using another cmdlet Set-AdvancedSetting. To get the current configuration run as as below.
Get-VMHost esxi001.vcloud-lab.com | Get-AdvancedSetting -Name Syslog.Global.Loghost
And to change the syslog.global.loghost information.
Get-VMHost esxi001.vcloud-lab.com | Get-AdvancedSetting -Name Syslog.Global.Loghost | Set-AdvancedSetting -Value udp://10.168.34.15:514 -Confirm:$false
This is my favorite method and I will be using Powercli esxcli v2 command, as it exposes the esxcli functionality.
This command connects and make connection to specific ESXi002 server.
$esxcli = Get-EsxCli -VMHost esxi002.vcloud-lab.com -V2
This will show the current configuration
$esxcli.system.syslog.config.get.Invoke()
Next configure syslog server and add entry to loghost, for successful configuration it shows true in the result.
$esxcli.system.syslog.config.set.invoke(@{loghost='tcp://192.168.34.11:514'})
Reload new configuration with
$esxcli.system.syslog.reload.invoke()
Next is configuring firewall, First command shows the syslog firewall rule, whether it is enabled, You can set and configure firewall enabled to true in second line of code, once configuration is successful it shows true. and third line refreshes firewall configuration.
$esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid='syslog'})
$esxcli.network.firewall.ruleset.set.Invoke(@{rulesetid='syslog'; enabled=$true})
$esxcli.network.firewall.refresh.Invoke()
Here I tested free Syslog watcher tool, this only accepts and collect syslog messages over udp port.
Useful Articles
PART 2 : CONFIGURING ESXI ON VMWARE WORKSTATION HOME LAB
POWERCLI - CREATE DATACENTER AND ADD ESXI HOST IN VCENTER
PART 1 : BUILDING AND BUYING GUIDE IDEAS FOR VMWARE LAB
Resolved syslog error: Call OptionManager.UpdateValues for object ha-adv-options on ESXi failed