ESXi hosts are unable to reach a syslog server on a non-standard port (any port other than UDP/TCP 514 or TCP 1514)

Article ID: 418680

Products

VMware vSphere ESXi

Issue/Introduction

On ESXi 7.0 GA, custom ESXi firewall rules are not supported unless they are delivered through a VIB. As a result, ESXi hosts may be unable to send syslog messages to a syslog server that is configured to listen on a non-standard port.


Environment

VMware vSphere ESXi 7.x

Cause

If a syslog server is configured on an ESXi 7.0 GA host to use a non-standard port (any port other than 514 or 1514), the syslog traffic may be dropped. The drop typically occurs between the switchport of the vmk0 interface and the physical uplink. The cause is the ESXi firewall: the default syslog ruleset only permits the standard syslog ports, so outbound syslog traffic to any other port is blocked.

Resolution

To resolve this issue, you have two primary options:

  1. Use Standard Ports: Configure the syslog server to listen on a standard syslog port (UDP/TCP 514 or TCP 1514), which the ESXi firewall allows by default.
  2. Upgrade the ESXi Host: Upgrade the host to ESXi 7.0 U3q, ESXi 8.0 U2b, or later. In these versions the vmsyslogd service automatically creates persistent dynamic firewall rules for the configured syslog targets, so syslog traffic to non-standard ports passes without manual firewall configuration.
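The following diagnostic is an added example, not part of this article or of VMware's tooling. It checks whether each remote syslog target configured on a host falls inside the host's `syslog` firewall ruleset, which is the condition described under Cause. It assumes the output layout of `esxcli system syslog config get` (a `Remote Host:` line of the form `proto://host:port`, comma-separated for multiple targets) and of `esxcli network firewall ruleset rule list -r syslog` (columns Ruleset, Direction, Protocol, Port Type, Port Begin, Port End). The sample text embedded below is constructed so the script runs without an ESXi host.

```shell
#!/bin/sh
# Added diagnostic (not from the KB article). On a real host, replace the two
# constructed samples with:
#   CONFIG=$(esxcli system syslog config get)
#   RULESET=$(esxcli network firewall ruleset rule list -r syslog)

# Constructed sample: a syslog target on a non-standard UDP port.
SAMPLE_SYSLOG_CONFIG='   Local Log Output: /scratch/log
   Remote Host: udp://192.0.2.10:10514
   Rotate: 8'

# Constructed sample: the default ESXi syslog ruleset (UDP/TCP 514, TCP 1514).
SAMPLE_RULESET='Ruleset  Direction  Protocol  Port Type  Port Begin  Port End
-------  ---------  --------  ---------  ----------  --------
syslog   Outbound   TCP       Dst        514         514
syslog   Outbound   UDP       Dst        514         514
syslog   Outbound   TCP       Dst        1514        1514'

# remote_targets CONFIG_TEXT -> one "PROTO PORT" line per configured target.
# Assumed format of the Remote Host value: proto://host[:port][,proto://host[:port]...]
remote_targets() {
    printf '%s\n' "$1" | awk -F': ' '/Remote Host:/ {
        if ($2 == "<none>") next                      # no remote target configured
        m = split($2, targets, ",")
        for (i = 1; i <= m; i++) {
            n = split(targets[i], parts, ":")         # proto://host[:port]
            proto = toupper(parts[1])
            if (proto == "SSL") proto = "TCP"         # TLS syslog is carried over TCP
            port = (parts[n] ~ /^[0-9]+$/) ? parts[n] : 514   # no explicit port: syslog default
            print proto, port
        }
    }'
}

# port_allowed PROTO PORT RULESET_TEXT -> exit 0 if an outbound syslog rule covers PORT.
port_allowed() {
    printf '%s\n' "$3" | awk -v proto="$1" -v port="$2" '
        $1 == "syslog" && $2 == "Outbound" && $3 == proto \
            && $5 + 0 <= port + 0 && port + 0 <= $6 + 0 { hit = 1 }
        END { exit hit ? 0 : 1 }'
}

# check_syslog_reachability CONFIG_TEXT RULESET_TEXT
# Prints one verdict per target; returns the number of targets the firewall would block.
check_syslog_reachability() {
    blocked=0
    targets=$(remote_targets "$1")
    # Read from a here-document rather than a pipeline so the counter survives the loop.
    while read -r proto port; do
        [ -n "$proto" ] || continue
        if port_allowed "$proto" "$port" "$2"; then
            echo "OK   $proto/$port is covered by the syslog firewall ruleset"
        else
            echo "DROP $proto/$port is not in the syslog ruleset; the host will block it"
            blocked=$((blocked + 1))
        fi
    done <<EOF
$targets
EOF
    return "$blocked"
}

if check_syslog_reachability "$SAMPLE_SYSLOG_CONFIG" "$SAMPLE_RULESET"; then
    echo "All configured syslog targets pass the ESXi firewall."
else
    echo "At least one target is blocked: move it to 514/1514 or upgrade to ESXi 7.0 U3q / 8.0 U2b or later."
fi
```

Run it once with the samples to see the `DROP` verdict for UDP/10514, then on a host feed it the live `esxcli` output. On an upgraded host (7.0 U3q / 8.0 U2b or later) the dynamic rules created by vmsyslogd appear in the same ruleset listing, so the same check reports `OK` there.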

Additional Information

Related articles:

  - How to Configure a Custom Syslog Port on ESXi
  - Creating custom firewall rules in VMware ESXi is not supported