Syslog configuration is restored after ESXi reboots.
search cancel

Syslog configuration is restored after ESXi reboots.

book

Article ID: 424277

calendar_today

Updated On:

Products

VMware vSphere ESXi 8.0

Issue/Introduction

Syslog configuration (remote log host) is restored after ESXi reboots, even after a user removed it.

Environment

VMware ESXi 8.0 U2 

Cause

  • Syslog configurations are stored within ESXi configstore.

  • Prior to ESXi 8.0 U1,if a user applied empty configuration to configstore, a value of '{}' was written to the configstore database, effectively removing the user-defined settings for certain services.

  • In ESXi 8.0 U2, this behaivor changed so that applying empty configuration is ignored.

  • Due to this change, if a user attempts to clear the syslog configuration by providing an empty set, the changes are not committed, and the previous configuration is restored after a reboot.

 

Resolution

This is known issue in ESXi 8.0 U2.
This is resolved in ESXi 8.0 U3.

Workaround:
To remove the syslog configuration for a remote host, you need to apply the remote host configuration to empty and explicitly re-define the log level setting to current value in configstore database.
This setting prevents the syslog configuration from being all empty, which prevents it from being restored after ESXi reboots.

1.Check the current syslog configuration.
# configstorecli config current get -c esx -g syslog -k global_settings

Expected output:
{
   "remote_logging": {
      "log_host": [
         {
            "address": "XXX.XXX.XXX.XXX",
            "port": 514,
            "protocol": "UDP"
         }
      ]
   }
}

2.Check the current vmvsyslogd logging level.
# esxcli system syslog config get | grep "Log Level"

Expected output:
   Log Level: error

3.Export the current syslog configuration to a file.
# configstorecli config current get -c esx -g syslog -k global_settings -outfile tmp.json

4.Edit tmp.json using the vi command and save.

Original:

{
   "remote_logging": {
      "log_host": [
         {
            "address": "XXX.XXX.XXX.XXX",
            "port": 514,
            "protocol": "UDP"
         }
      ]
   }
}

After modification (setting only the log level):

{
   "log_level": "ERROR"
}

5.Apply the new configuration and reload the syslog service.
# configstorecli config current set -c esx -g syslog -k global_settings -infile tmp.json
# esxcli system syslog config set --loghost=
# esxcli system syslog reload


6.Verify the changes.
# configstorecli config current get -c esx -g syslog -k global_settings

Expected output:
{
   "log_level": "ERROR"
}

# esxcli system syslog config get | grep "Remote Host:"

Expected output:
Remote Host: <none>


7.Reboot the ESXi host and confirm that the syslog configuration is not restored.

Powered by Wolken Software