Opening the firewall for syslog emission to remote hosts

Article ID: 312032

Products

VMware vSphere ESXi

Issue/Introduction

When remote hosts (loghosts) are configured for syslog, the ports they listen on must be open in the ESXi firewall or log messages will not be transmitted. Recent vmsyslogd releases open these ports automatically under certain conditions, but the behaviour differs between ESXi releases.


Environment

VMware vSphere ESXi 8.0.x
VMware vSphere ESXi 8.0.2

Resolution

  • In earlier releases, when configuring vmsyslogd (the ESXi syslog daemon) to transmit messages to syslog collectors (remote hosts, or loghosts), an administrator had to open the firewall manually for the ports the collectors use.

For syslog collectors configured with the standard ports (514 for TCP/UDP and 1514 for SSL), this means simply enabling the syslog firewall ruleset, and this remains true for all ESXi releases.

For loghosts configured with non-standard ports (ports other than those mentioned above), this meant opening the ports in the firewall by hand, for instance by modifying the /etc/vmware/firewall/service.xml file.

  • In the releases below (and later), vmsyslogd has been enhanced to open non-standard ports in the firewall automatically. It does this by creating persistent dynamic firewall rules for the ports involved.
      • In ESXi 7.0.3 (70P09), non-standard ports are automatically opened ("punched") in the firewall.
      • In ESXi 80U2 (80P03), non-standard ports are automatically opened ("punched") in the firewall.
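The following shell script is an added example and is not part of this article or of any VMware tooling. It covers both cases described above: it parses a loghost URL in the esxcli form proto://host:port, decides whether the built-in syslog ruleset (514 TCP/UDP, 1514 SSL) already covers the target, and for a non-standard port emits the service element an administrator would add to /etc/vmware/firewall/service.xml on a release that does not open the port automatically. The hostnames and ports are constructed sample values, the service id attribute is a placeholder, and the defaulting of a scheme-less loghost to UDP/514 is an assumption about esxcli behaviour rather than something this article states.

```shell
#!/bin/sh
# Added example (not from the KB article): classify an ESXi syslog loghost URL
# and, for a non-standard port, print the <service> element for
# /etc/vmware/firewall/service.xml. Assumes loghost URLs of the form
# proto://host:port with a hostname or IPv4 literal (no IPv6 brackets).

# Print "<proto> <port>" for a loghost URL. A URL without a scheme is taken
# to mean udp://host:514 (assumption about esxcli defaults).
loghost_parse() {
    url=$1
    proto=${url%%://*}
    rest=${url#*://}
    [ "$proto" = "$url" ] && proto=udp
    case $rest in
        *:*) port=${rest##*:} ;;
        *)   port=514 ;;
    esac
    echo "$proto $port"
}

# Exit 0 when the built-in "syslog" ruleset already covers this target, i.e.
# the standard ports the article lists: 514 for tcp/udp and 1514 for ssl.
loghost_is_standard() {
    set -- $(loghost_parse "$1")
    case "$1:$2" in
        tcp:514|udp:514|ssl:1514) return 0 ;;
        *)                        return 1 ;;
    esac
}

# Emit a service.xml <service> block that opens the outbound destination port.
# SSL syslog runs over TCP, so the firewall protocol for ssl:// is tcp.
# The id attribute must be replaced with the next unused id in service.xml.
firewall_service_xml() {
    set -- $(loghost_parse "$1")
    fwproto=$1
    [ "$fwproto" = ssl ] && fwproto=tcp
    cat <<EOF
<service id="PLACEHOLDER-NEXT-FREE-ID">
  <id>syslog-custom-$2</id>
  <rule id="0000">
    <direction>outbound</direction>
    <protocol>$fwproto</protocol>
    <porttype>dst</porttype>
    <port>$2</port>
  </rule>
  <enabled>true</enabled>
  <required>false</required>
</service>
EOF
}

# Print what an administrator would do for the given loghost on a release
# that does not auto-punch non-standard ports.
syslog_firewall_plan() {
    if loghost_is_standard "$1"; then
        echo "esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true"
    else
        echo "# append to /etc/vmware/firewall/service.xml, then:"
        firewall_service_xml "$1"
        echo "esxcli network firewall refresh"
    fi
}

# Demo with a constructed non-standard loghost.
syslog_firewall_plan "${1:-tcp://loghost.example.com:6514}"
```

After applying either plan, confirm the result with `esxcli network firewall ruleset list` and `esxcli system syslog config get`; on a release listed above as auto-punching, the same listing is the place to verify that vmsyslogd created the dynamic rule for the non-standard port on its own. Hand edits to service.xml have historically not survived a reboot, which is the practical reason the persistent rules the newer releases create are an improvement.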