Unable to see ESXi host logs in Aria Operations for Logs
search cancel

Unable to see ESXi host logs in Aria Operations for Logs

book

Article ID: 428572

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

ESXi host logs do not appear on Aria Logs, even though the below prerequisites are met: 

  • The Syslog.global.logHost parameter on the host under Advanced System Settings has been set to Aria Logs FQDN
  • The below command shows connection succeeded from the ESXi host to Aria Logs (-u paramter is only when UDP protocol is in use)  

    nc -z -u <AriaLogs_IP> 514


  • The ESXi host is configured to send logs on Aria Logs under Aria Logs -> Integrations -> vSphere -> vCenter 
  • Aria Logs cluster is optimally sized

Environment

Aria Operations for Logs 8.18.x 

Cause

The ESXi host does not have outgoing traffic enabled on the desired port. 

Resolution

To resolve this issue, follow the below steps:

    • Navigate to Configure > System > Firewall > Outgoing on the ESXi host.

    • Click Edit.

    • Select the checkbox next to Syslog.

    • In the IP List settings, select Allow connections from any IP address or explicitly enter the IP address of the Aria Operations for Logs endpoint.

Additional Information

NSX Distributed Firewall (DFW) logs are not forwarding to Aria Operations for Logs

Powered by Wolken Software