When configuring remote hosts (loghosts) for syslog, the specified ports would need to be opened in the firewall for log messages to be transmitted. In specific circumstances, this process is automated by the vmsyslogd service, but it is different for ESXi releases.
For syslog collectors configured with standard ports (514 for TCP/UDP and
1514 for SSL), this means simply enabling the syslog firewall ruleset, and
this remains true for all ESXi releases.
For loghosts configured with non-standard ports (other than those mentioned
above), this meant manually opening these ports in the firewall
(for instance, by modifying the /etc/vmware/firewall/service.xml file).