log filtering by log level is not working on ESXi
search cancel

log filtering by log level is not working on ESXi

book

Article ID: 382641

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

When configuring log filtering on the ESXi host, the following example is provided in the docs:

esxcli system syslog config logfilter remove --filter="10|Hostd|mark"

Taking the above example, filtering by log level is attempted using the following syntax:

esxcli system syslog config logfilter remove --filter="10|Hostd|info"
esxcli system syslog config logfilter remove --filter="10|Hostd|warning"
esxcli system syslog config logfilter remove --filter="10|Hostd|error"

Environment

VMware ESXi 7.x

VMware ESXi 8.x

Cause

The above syntax is not correct. The third field is unstructured data. The log level is not normally included in the unstructured data.

Resolution

The message that needs to be filtered will have to be analyzed for the body of the message and the correct terms will need to be applied to the filter. A possible workaround to this is:

  1.  Set the log level for the service to a higher or lower level as needed
  2.  Filter the messages on the remote syslog server for the log level specifically

 

Additional Information

As a reminder, when log filtering is applied on the ESX host, it affects the local logs as well what is sent to the remote syslog server. This is not recommended as it can impact troubleshooting issues that may arise on the ESX host. 

Configure Log Filtering on ESXi Hosts

 

 

Powered by Wolken Software