Enabling syslog on ESXi 3.5 and 4.x
search cancel

Enabling syslog on ESXi 3.5 and 4.x

book

Article ID: 311042

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

VMware vSphere ESXi 3.5 and 4.x hosts run a syslog service (syslogd) which provides a standard mechanism for logging messages from the VMkernel and other system components. By default in ESXi, these logs are placed on a local scratch volume or a ramdisk. To preserve the logs further, ESXi can be configured to clone these logs to an alternate storage location on disk, and to send the logs across the network to a third-party syslog server.

Retention, rotation and splitting of logs received and managed by a third-party syslog server are fully controlled by that syslog server. ESXi cannot configure or control third-party log management. For more information, see the documentation for your third-party syslog server.

Regardless of the additional syslog configuration specified using these options, logs continue to be placed on the default locations on the ESXi host. 

 



Environment

VMware ESXi 4.1.x Embedded
VMware ESXi 3.5.x Embedded
VMware ESXi 4.0.x Embedded
VMware ESXi 3.5.x Installable
VMware ESXi 4.1.x Installable
VMware ESXi 4.0.x Installable

Resolution

Configuration of the syslog service on ESXi can be performed from the vSphere Client, PowerCLI, or vCLI. Select the method appropriate for your environment.

Configuring Local and Remote logging using Advanced Configuration Options

The Local and Remote syslog functionality can be configured for a host using advanced configuration options, which can be set using the vSphere Client, PowerCLI, or vCLI. This configuration cannot be performed using the local console's esxcfg-advcfg command.

  • Syslog.Local.DatastorePath - a location on a local or remote datastore and path where logs are saved to. Has the format [datastorename] directory/filename, which maps to /vmfs/volumes/datastorename/directory/filename. If the datastore path field is blank, the logs are only placed in their default location. For ESXi 4.1, the default is []/scratch/log/messages if scratch is defined. 

  • Syslog.Remote.Hostname - a remote server's DNS name or IP address where logs are sent using the syslog protocol. If the hostname field is blank, no logs are forwarded.

  • Syslog.Remote.Port - a remote server's UDP port where logs are sent using the syslog protocol. Default is port 514.

For more information on setting advanced configuration options using each method

Configuring Remote logging using the vSphere Command Line Interface

The Remote syslog functionality can be configured from the vCLI using the vicfg-syslog command, which is installed with the vSphere Management Assistant appliance. 

  1. Open a console at the location the vCLI is installed, or login to the vMA.

  2. Determine the current configuration using the command:

    vicfg-syslog --server ESXiHostnameOrIP --username MyUsername --password MyPassword --show

    For example:

    vicfg-syslog --server esxhost1 --username root --password MyPassword --show

  3. Set the hostname or IP address and port of the remote syslog server using the command:

    vicfg-syslog --server ESXiHostnameOrIP --username MyUsername --password MyPassword --setserver SyslogHostnameOrIP --setport PortNumber

    For example:

    vicfg-syslog --server esxhost1 --username root --password MyPassword --setserver 10.5.0.200 --setport 514

    Note: To remove the remote syslog configuration, set the remote syslog server name to a blank string "".

  4. Validate the configuration change by repeating step 2.

Configuring Remote logging using PowerCLI

The Remote syslog functionality can be configured using PowerCLI using the Set-VMHostSysLogServer command. 

  1. Connect to the vCenter Server or ESXi host using the command:

    Connect-VIServer HostnameOrIP

  2. Determine the current configuration using the command:

    Get-VMHost ESXHostnameOrIP | Get-VMHostSysLogServer

    Note: A blank result indicates that the syslog server is not configured for the specified host.

  3. Set the hostname or IP address and port of the remote syslog server using the command:

    Get-VMHost ESXHostnameOrIP | Set-VMHostSysLogServer -SysLogServer SyslogHostnameOrIP -SysLogServerPort PortNumber

    For example:

    Get-VMHost esxhost1 | Set-VMHostSysLogServer -SysLogServer 10.5.0.200 -SysLogServerPort 514

    Note: To remove the remote syslog configuration, set the remote syslog server name to $null.

  4. Validate the configuration change by repeating step 2.
Notes:

To reload changes to the syslog configuration file, use the command: kill -HUP $(cat /var/run/syslogd.pid)from an ESXi host command prompt.

If no process is found from the above command, start the syslog service using the command syslogd .

To retrieve or set the syslog configuration for multiple ESXi hosts at the same time, use Get-VMHost to query for multiple hosts within a data center or cluster. 



Additional Information

Powered by Wolken Software