Gathering and maintaining log files is an important part of a server administrator's duties. Using a centralized logging server, such as a syslog server, offers several benefits. The log files become useful for troubleshooting purposes, if needed. Also, keeping an unaltered set of logs in a different location can aid in forensic activities after an attack.
This document explains how to set up Splunk for monitoring a VMware Environment. This includes monitoring the ESX/ESXi Server logs, the vCenter Server Logs and some of the add-on services to vCenter. It also includes generic event logging for Windows and Linux guest operating systems.
VMware Certified Professionals, System Management / Sysadmin / Operations
Preparing the Splunk Server
Installing Splunk Server
Setting up ESX Servers and Linux VMs for Monitoring
Setting up ESXi Servers for Monitoring
Setting up vCenter Servers and Windows VMs for Monitoring
Adding Miscellaneous Log Files to Splunk for Monitoring
See attached document for content
David Convery, VMware vExpert 2009
Also check out http://www.dailyhypervisor.com/
You use this proven practice at your discretion. VMware, http://www.dailyhypervisor.com and the author do not guarantee any results from the use of this proven practice. This proven practice is provided on an as-is basis and is for demonstration purposes only.