Forwarding vmware.log to a syslog server.

Products

VMware vSphere ESXi

Issue/Introduction

When syslog is configured on the ESXi host, only the system logs present in the scratch partition are forwarded to the syslog server.

This article explains the procedure to forward vmware.log for VMs to syslog server.

Environment

VMware vSphere ESXi 7.x
VMware vSphere ESXi 8.x

Resolution

The vmx.log.syslogID option allows you to tag or identify logs from a specific VM with a unique identifier when those logs are sent to the syslog server. This can be useful if you need to correlate logs from multiple VMs or differentiate logs from multiple VMs running on the same ESXi host.
Below are the steps to forward VM logs with a unique identifier. These edits take effect only on that virtual machine:
1. 1. Login to vSphere Client.
  2. Power off the VM.
  3. Right-click on the VM -> select Edit Settings.
  4. Select VM Options tab -> Advanced -> Configuration Parameters.
  5. Click on Edit Configuration -> Add configuration Params
  6. Add Name = vmx.log.syslogID and Value = <VM name>
  7. Save the changes.

- Once the syslog configuration is successful we could see the below logs from this path >> /vmfs/volumes/dsuuid/vm_name/vmware.log

Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: VMXNET3 user: Supported set 0x000001ff, configured set 0x0####007
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: VMXNET3 user: Ethernet0: return PTCR[0] value: 0x800######
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: VMXNET3 user: Ethernet0: return DCR[0] value: 0x2ffff
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: VMXNET3 user: Ethernet0 Max Queues requested by vmx: 808
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:0 Port COMRESET requested.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:0: Moved to COMRESET state.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:1 Port COMRESET requested.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:1: Write to PxSCTL.DET while no device present.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:1: Moved to COMRESET state.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:2 Port COMRESET requested.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:2: Write to PxSCTL.DET while no device present.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:2: Moved to COMRESET state.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:3 Port COMRESET requested.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:3: Write to PxSCTL.DET while no device present.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:3: Moved to COMRESET state.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:1: Exiting COMRESET state.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:2: Exiting COMRESET state.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:3: Exiting COMRESET state.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:0: Exiting COMRESET state.
Apr YYYY-MM-DDT <esxi_host_name> vmx[27####5]: GuestRpc: GuestRpcResetVsockChannel: channel 1
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:5 Port COMRESET requested.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:5: Write to PxSCTL.DET while no device present.
Apr YYYY-MM-DDT <esxi_host_name> vmx[21####4]: AHCI-VMM: sata0:5: Moved to COMRESET state.

There is an alternative step that can help forward the virtual machine logs to syslog server however Please note, when you use the below configuration, it might be challenging to differentiate logs from different virtual machines:
1. Take a backup of /etc/vmware/config file:
  cp /etc/vmware/config /var/core/vmware_config.backup
2. Edit the file:
  vi /etc/vmware/config
3. Add the below parameter at the end of the file:
  vmx.log.syslogID = "vmx"
4. Save the file:
  Hit Esc -> :wq!

Additional Information

Fine-tune Syslog on ESXi Hosts