How to remove syslog configuration from an ESXi host

Article ID: 376371


Products

VMware vSphere ESXi 7.0
VMware vSphere ESXi 8.0

Issue/Introduction

This KB article describes how to clean up the syslog configuration on an ESXi host so that the host stops sending logs to the syslog server, which could otherwise lead to unexpected traffic.

Environment

vSphere ESXi 7.0
vSphere ESXi 8.0

Resolution

To remove the syslog host from the configuration:

  • Set the "Syslog.global.logHost" parameter under advanced settings to a blank value on the vCenter Server / ESXi host.

On the vCenter Server: ESXi > Configure > Advanced System Settings
On the ESXi host client: ESXi > Manage > System > Advanced Setting

  • Using the CLI on the ESXi host:

$ esxcli system syslog config set --loghost=''


To check the packets on the ESXi host after the syslog configuration has been changed (replace "syslog ip" with the IP address of the syslog server):

$ pktcap-uw --vmk vmk0 -o - | tcpdump-uw -nr - | grep "syslog ip"


Note: If packets are still being sent after the configuration has been cleared, run the command below to reload the syslog configuration:

$ esxcli system syslog reload
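
The steps above combined into one script, as an added example that is not part of the original article or of VMware's tooling: it clears the log host, reloads syslog unconditionally, confirms that `esxcli system syslog config get` no longer reports a remote host, and samples vmk0 traffic for packets addressed to the old target. The function names, the 500-packet sample size, the use of `pktcap-uw -c` to bound the capture, and the `Remote Host:` / `<none>` output fields it parses are assumptions; 192.0.2.50 is a placeholder address.

```sh
#!/bin/sh
# Added example: clear the remote syslog target, reload, and confirm the result.
# Addresses and ports used here are constructed placeholders.

# Print the remote host from `esxcli system syslog config get` output (stdin).
# Prints nothing when the field is empty or reads "<none>" (assumed format).
remote_host() {
    sed -n 's/^ *Remote Host: *//p' | sed -e 's/ *$//' -e '/^<none>$/d'
}

# Count packets addressed to IP.PORT in `tcpdump-uw -n` text output (stdin).
# Fixed-string match on "> ip.port:" so 192.0.2.5 does not match 192.0.2.50.
count_to_target() {
    grep -cF "> $1.$2:" || true   # grep -c exits 1 on zero matches
}

# Full procedure on an ESXi host: clear, reload, check config, sample traffic.
clear_and_verify() {
    ip=$1; port=${2:-514}; sample=${3:-500}
    esxcli system syslog config set --loghost=''
    esxcli system syslog reload
    left=$(esxcli system syslog config get | remote_host)
    if [ -n "$left" ]; then
        echo "FAIL: remote host still configured: $left"; return 1
    fi
    # -c stops the capture after $sample packets so the pipeline terminates.
    sent=$(pktcap-uw --vmk vmk0 -c "$sample" -o - | tcpdump-uw -nr - \
           | count_to_target "$ip" "$port")
    if [ "$sent" -gt 0 ]; then
        echo "FAIL: $sent packets still sent to $ip:$port"; return 1
    fi
    echo "OK: no remote host set, no packets to $ip:$port in $sample sampled"
}

# Runs only when asked, e.g.: sh clear_syslog.sh --apply 192.0.2.50 514
if [ "${1:-}" = "--apply" ]; then
    clear_and_verify "$2" "${3:-514}"
fi
```

A clean result only covers the sampled packets, so repeat the run during a period when the host is known to be generating log events.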

Additional Information

To filter the events that are sent to the syslog server, you may use filters:
https://knowledge.broadcom.com/external/article/320793/filtering-logs-in-vmware-vsphere-esxi.html