When configuring log filtering on the ESXi host, the following example is provided in the TechDoc documentation:

esxcli system syslog config logfilter remove --filter="10|Hostd|mark"

Following the above example, a user might attempt to add log filtering rules as follows:

esxcli system syslog config logfilter add --filter="10|Hostd|info"
esxcli system syslog config logfilter add --filter="10|Hostd|warning"
esxcli system syslog config logfilter add --filter="10|Hostd|error"

The above log filter rules are improperly formed as syslog log filtering cannot be used to enforce log levels of individual services. The third field of a log filter rule is supposed to be a regular expression to match against the unstructured data part (message body) of a log message, whereas the log level is typically part of the log message header.

A regex pattern for the body of a log message that is intended to be filtered out needs to be part of a configured log filter rule. For a user wanting to filter out log messages based on the log level while transmitting over network to the configured loghosts/syslog server, possible ways are to:

1. Set the log level for each individual service to a higher or lower level as needed. However, note that this would also prevent log messages written to local log files on the ESXi host, and may affect the ability to debug any future issues on the customer's ESXi host in the absence of adequate logs on the host.
2.  Filter the messages on the remote syslog server for the log level specifically