Syslog messages being lost between host and syslog server "vmsyslog logger lost #### log messages"
search cancel

Syslog messages being lost between host and syslog server "vmsyslog logger lost #### log messages"

book

Article ID: 406249

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

An ESXi host or vCenter Server triggers a Host error alarm. The following event description is recorded in the logs or vCenter interface:

Issue detected on <HOST> in <DOMAIN> vmsyslog logger <SYSLOG_SERVER>:514 lost #### log messages

Environment

VMware ESXi 9.0 

VMware ESXi 8.0 

Cause

A potential cause is that your hosts/vCenter do not have network connectivity to the syslog server.

To test for this, run the following command from VC/host:

$ nc -zv <SYSLOG_SERVER> 514

Resolution

Verify and restore network connectivity between the source host and the destination syslog server.

  1. Step 1: Test Network Connectivity
    1. From the ESXi shell or vCenter Server appliance (VCSA) command line, test whether the syslog port is reachable on the remote server.
    2. Review this command before running it.
      • nc -zv <SYSLOG_SERVER_IP> 514
  2. Step 2: Remediate Network Blocks
    • If the connectivity test fails:
      1. Ensure that TCP/UDP port 514 (or the custom configured port) is open on all physical firewalls and network path devices between the ESXi management network and the syslog server network.
      2. Confirm the syslog service on the destination server is active and configured to accept logs from the host's IP address.
      3. Verify that any intermediate load balancers are correctly routing syslog traffic.

Additional Information

 Troubleshooting "vmsyslog logger lost #### log messages" on ESXi hosts

ESXiホストと Syslog サーバー間で Syslog メッセージが失われています「vmsyslog logger lost #### log messages」

Powered by Wolken Software