ESXi host stops sending Syslog Data to remote syslog server due to hostname mismatch.
search cancel

ESXi host stops sending Syslog Data to remote syslog server due to hostname mismatch.

book

Article ID: 429006

calendar_today

Updated On:

Products

VMware vSphere ESXi VMware vCenter Server

Issue/Introduction

  • ESXi host intermittently stops sending syslog data to a remote syslog server.
  • Transmission only resumes temporarily after a manual restart of the vmsyslogd service. Despite the service showing a "running" status, logs fail to populate consistently in the syslog dashboard.
  • No MTU mismatch exists between the ESXi host and the syslog server.
  • The /scratch/log partition is not full.
  • The syslog server is reachable on port 5514
  • The hostname configured in the ESXi Direct Console User Interface (DCUI) or the /etc/hosts file is incorrect or does not match the DNS FQDN.

Cause

  • The issue is caused by a hostname mismatch or incorrect local resolution on the ESXi host.
  • If the hostname configured in the ESXi Direct Console User Interface (DCUI) or the /etc/hosts file is incorrect or does not match the DNS FQDN, the vmsyslogd process may encounter errors when tagging log packets. Even if the syslog server is reachable (e.g., via port 5514), the syslog server may ignore or drop logs if the host reporting the data does not match the registered entity in its own index.

Resolution

Ensure the ESXi hostname is correctly configured and that all management services are refreshed to recognize the change.

  1. Correct Hostname and DNS Settings.
    1. Log in to the ESXi Direct Console User Interface (DCUI).
    2. Press F2 on the host console to access Customize System/View Logs > Navigate to Configure Management Network > DNS Configuration
    3. Update the Hostname and DNS Server IPs as needed.
  2. Verify Local Resolution
    1. Log into the ESXi Shell via SSH as 'root'
    2. Run the command hostname to verify the update.
    3. Check the /etc/hosts file: cat /etc/hosts.
    4. Ensure the IP address matches the correct FQDN.
  3. Restart Management Networks and Management Agents and Syslog service.
    1. Log in to the ESXi Direct Console User Interface (DCUI).
    2. Press F2 on the host console to access Customize System/View Logs > Select Restart Management Network.
    3. Then, navigate to Troubleshooting Options > Restart Management Agents.
    4. Alternatively, via SSH, run:
      1. /etc/init.d/hostd restart
      2. /etc/init.d/vpxa restart
    5. From ESXi SSH, restart the syslog daemon to force a fresh connection to the Syslog server: /etc/init.d/vmsyslogd restart

Additional Information

 

Powered by Wolken Software