Configure desired level of vCenter logs sent to Remote Syslog Server

search cancel

Configure desired level of vCenter logs sent to Remote Syslog Server

book

Article ID: 345261

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

With the default settings, vCenter server is sending an huge amount of logs to the syslog server.

You are getting far more messages than wanted and would like that only the desired level of logs to be sent to Syslog server (e.g logs above warning).

Environment

VMware vCenter Server Appliance 6.5.x
VMware vCenter Server Appliance 6.7.x
VMware vCenter Server Appliance 6.0.x
VMware vCenter Server 7.x
VMware vCenter Server 8.x

Resolution

Back up the syslog.conf file located at /etc/vmware-syslog
Edit the syslog.conf and replace *.* with the type of messages you want to forward
eg: *.warn;*.error;*.crit;*.alert;*.emerg @SYSLOG_SERVER_IP:514;RSYSLOG_SyslogProtocol23Format

Log files to redirect

Option	Description
*	All log files are redirected to the remote machine.
info	Only logs above or equal to informational level are redirected to the remote machine.
notice	Only logs above or equal to notice level are redirected to the remote machine.Notice indicates normal but significant condition.
warn	Only logs above or equal to warnings level are redirected to the remote machine.
error	Only logs above or equal to error level are redirected to the remote machine.
crit	Only critical log files are redirected to the remote machine.
alert	Only logs above or equal to alert level are redirected to the remote machine. Alert indicates that action must be taken immediately.
emerg	Only emergency log files are redirected to the remote machine. Emergency indicates that the system stopped responding and cannot be used.

Restart rsyslog service
systemctl restart rsyslog

Run the following commands to test the different levels

logger -p syslog.info "Info test - this won't appear at syslog server"

logger -p syslog.warn "Warn test - this won't appear at syslog server"

logger -p syslog.error "Error test - this will appear at syslog server"

logger -p syslog.crit "Crit test - this will appear at syslog server"

Additional Information

To configure vCenter logs forwarding to a remote server

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.monitoring.doc/GUID-9633A961-A5C3-4658-B099-B81E0512DC21.html

Feedback

thumb_up Yes

thumb_down No