VMware Cloud Community
JT_CPL
Contributor
Contributor

Flooded Logs from ESXi Hosts

We've integrated ESXi hosts to send syslog to Log Insight but it's generating 25 milliions logs per hour.

Without reducing the verbose on the hosts, any why i can limit what Log Insight takes in?  Such as with Windows Agents, I can drop events.

Tags (1)
Reply
0 Kudos
3 Replies
daphnissov
Immortal
Immortal

Not if you're using syslog. Once it hits vRLI that's what it's keeping.

Reply
0 Kudos
JT_CPL
Contributor
Contributor

So basically there is nothing I can do other than 1) stop sending ESXi logs to log insight which it's what it's designed to do, or 2) add more server into the Log Insight cluster ?

Reply
0 Kudos
daphnissov
Immortal
Immortal

3) Eliminate the spam of messages presuming they result from a defect of some sort; 4) Lower the verbosity level your ESXi hosts are configured to send presuming you have increased it from the defaults. Otherwise, yes, options 1 or 2.

Reply
0 Kudos