Enabling syslog on ESX
search cancel

Enabling syslog on ESX


Article ID: 343409


Updated On:


VMware vSphere ESXi


All ESX/ESXi hosts run a syslog service (syslogd) which logs messages from the VMkernel and other system components to a file.
Note: In ESX, you must modify the remote host option in the /etc/syslog.conf file. The remote host options are:
  • Log file path – Specifies a datastore path to the file where syslogd logs all messages.
  • Remote host – Specifies a remote host to which syslog messages are forwarded. To receive the forwarded syslog messages, your remote host must have a syslog service installed.
  • Remote port – Specifies the port used by the remote host to receive syslog messages.


VMware ESX 4.1.x
VMware ESX Server 3.5.x
VMware ESX Server 2.5.x
VMware ESX 4.0.x
VMware ESX Server 3.0.x
VMware ESX Server 2.0.x
VMware ESX Server 2.1.x


To log events from an ESX host to a remote syslog server:
  1. Log in to the ESX host as root using an SSH client.
  2. Open the /etc/syslog.conf file using a text editor.
  3. Add this entry at the end of the file:

    *.* @IP_address_of_syslog-server

    For example:

    *.* @

    Note: If you are changing from the default syslog port 514 to a different port, the entry should appear similar to:

    *.* @

    For example, if you are changing the port to 520, the entry should be:

    *.* @

    It is not absolutely necessary to send all messages to a remote syslog server.
    Instead of using *.* in the example above, one could use *.warning or *.crit to only send messages of a certain level or higher.

    The various syslog levels and their description are:
    • emerg – System is or will be unusable if situation is not resolved
    • alert – Immediate action required
    • crit – Critical situations
    • warning – Recoverable errors
    • notice – Unusual situation that merits investigation; a significant event that is typically part of normal day-to-day operation
    • info – Informational messages
    • debug – Verbose data for debugging

  4. Restart the syslog daemon using the command:

    service syslog restart

  5. Run this command to check if the ESX firewall has been opened for the syslog traffic:

    esxcfg-firewall -q|grep syslog

    If the firewall is open, you see an output similar to:

    syslog : port 514 udp.out

    If the firewall is closed, you do not see any output.

  6. To open the firewall on the ESX host for syslog traffic and to refresh the firewall, run this command:

    esxcfg-firewall -o 514,udp,out,syslog && esxcfg-firewall -l

Additional Information

Enabling syslog on ESXi 3.5 and 4.x
Configuring syslog on ESXi
ESX での syslog の有効化
在 ESX 上启用 syslog