topic Enable syslog and ports in ESXi firewall after configuring syslog. in VMware PowerCLI Discussions

Enable syslog and ports in ESXi firewall after configuring syslog.

BBB36 — Fri, 16 Dec 2022 15:31:56 GMT

The script below enables syslog on an ESXi host (server, port, protocol) but it does not actually enable syslog in the ESXi firewall. I have searched here but somehow unable to find a script that can do that. Can someone please help improve upon this script to do that? Thank you.

Get-VMHost -PipelineVariable esx | ForEach-Object -Process { $sLog = @{ loghost = 'tcp://server.com:1514' } $esxcli = Get-EsxCli -VMHost $esx -V2 $old = $esxcli.system.syslog.config.get.Invoke() if($esxcli.system.syslog.config.set.Invoke($sLog)){ New-Object -TypeName PSObject -Property ([ordered]@{ vCenter = ([uri]$esx.ExtensionData.Client.ServiceUrl).Host VMHost = $esx.Name SyslogOld = $old.RemoteHost SyslogNew = $esxcli.system.syslog.config.get.Invoke().RemoteHost }) } else{ Write-Error "Syslog configuration failed on $($esx.Name)" } } | Export-Csv -Path "c:\file.csv" -NoTypeInformation -UseCulture

Re: Enable syslog and ports in ESXi firewall after configuring syslog.

LucD — Fri, 16 Dec 2022 17:35:16 GMT

Did you try adding a line like this?

Get-VMHostFireWallException -VMHost $esx -Name Syslog | Set-VMHostFirewallException -Enabled:$True.

Re: Enable syslog and ports in ESXi firewall after configuring syslog.

BBB36 — Fri, 16 Dec 2022 19:54:46 GMT

Thank you @LucD . I was able to add that to the script and it worked, however the export had empty rows. Also, I believe a reload command is needed after updating the syslog server and port, and also the syslog ESXi firewall to prevent having to reboot. So I added more lines to the script. I am currently getting the following error when I run it, and I have tried various things but am still getting similar errors:

At line:29 char:3 + $esxcli.network.firewall.refresh.Invoke(@{rulesetid='syslog'; ... + ~~~~~~~ Missing closing ')' after expression in 'if' statement. + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException + FullyQualifiedErrorId : MissingEndParenthesisAfterStatement

Below is the script. I basically want it to perform the reloads I mentioned above, and also if possible, export the new firewall ruleset value as well. Thanks.

Get-VMHost -PipelineVariable esx | ForEach-Object -Process { $sLog = @{ loghost = 'tcp://server.com:1514' } $esxcli = Get-EsxCli -VMHost $esx -V2 $old = $esxcli.system.syslog.config.get.Invoke() $old2 = $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid='syslog'}) if($esxcli.system.syslog.config.set.Invoke($sLog)){ $esxcli.system.syslog.reload.invoke($sLog) if(($esxcli.network.firewall.ruleset.set.Invoke(@{rulesetid='syslog'; enabled=$true})) $esxcli.network.firewall.refresh.Invoke(@{rulesetid='syslog'; enabled=$true}) New-Object -TypeName PSObject -Property ([ordered]@{ vCenter = ([uri]$esx.ExtensionData.Client.ServiceUrl).Host VMHost = $esx.Name SyslogOld = $old.RemoteHost SyslogNew = $esxcli.system.syslog.config.get.Invoke().RemoteHost FirewallRulesetNew = $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid='syslog'}).RemoteHost }) } } else{ Write-Error "Syslog configuration failed on $($esx.Name)" } | Export-Csv -Path "c:\file.csv" -NoTypeInformation -UseCulture

Re: Enable syslog and ports in ESXi firewall after configuring syslog.

LucD — Fri, 16 Dec 2022 20:44:01 GMT

There are a couple of misaligned parentheses and a missing curly brace.
This seems to be working for me syntax-wise

Get-VMHost -PipelineVariable esx | ForEach-Object -Process { $sLog = @{ loghost = 'tcp://server.com:1514' } $esxcli = Get-EsxCli -VMHost $esx -V2 $old = $esxcli.system.syslog.config.get.Invoke() $old2 = $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = 'syslog' }) if ($esxcli.system.syslog.config.set.Invoke($sLog)) { $esxcli.system.syslog.reload.invoke($sLog) if ($esxcli.network.firewall.ruleset.set.Invoke(@{rulesetid = 'syslog'; enabled = $true })){ $esxcli.network.firewall.refresh.Invoke(@{rulesetid = 'syslog'; enabled = $true }) New-Object -TypeName PSObject -Property ([ordered]@{ vCenter = ([uri]$esx.ExtensionData.Client.ServiceUrl).Host VMHost = $esx.Name SyslogOld = $old.RemoteHost SyslogNew = $esxcli.system.syslog.config.get.Invoke().RemoteHost FirewallRulesetNew = $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = 'syslog' }).RemoteHost }) } } else { Write-Error "Syslog configuration failed on $($esx.Name)" } } | Export-Csv -Path "c:\file.csv" -NoTypeInformation -UseCulture

Re: Enable syslog and ports in ESXi firewall after configuring syslog.

BBB36 — Sat, 17 Dec 2022 04:24:30 GMT

Thank you. The script appeared to update the syslog settings and enabled the syslog firewall service, but it displayed the output below in red:

Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:27 char:13 + $esxcli.system.syslog.reload.invoke($sLog) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:29 char:17 + ... $esxcli.network.firewall.refresh.Invoke(@{rulesetid = 'sy ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:27 char:13 + $esxcli.system.syslog.reload.invoke($sLog) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:29 char:17 + ... $esxcli.network.firewall.refresh.Invoke(@{rulesetid = 'sy ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:27 char:13 + $esxcli.system.syslog.reload.invoke($sLog) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:29 char:17 + ... $esxcli.network.firewall.refresh.Invoke(@{rulesetid = 'sy ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:27 char:13 + $esxcli.system.syslog.reload.invoke($sLog) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:29 char:17 + ... $esxcli.network.firewall.refresh.Invoke(@{rulesetid = 'sy ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:27 char:13 + $esxcli.system.syslog.reload.invoke($sLog) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:29 char:17 + ... $esxcli.network.firewall.refresh.Invoke(@{rulesetid = 'sy ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:27 char:13 + $esxcli.system.syslog.reload.invoke($sLog) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException Index (zero based) must be greater than or equal to zero and less than the size of the argument list. At H:\Files\Scripts\vSphere\syslog\esxi-syslog-configure.ps1:29 char:17 + ... $esxcli.network.firewall.refresh.Invoke(@{rulesetid = 'sy ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], FormatException + FullyQualifiedErrorId : System.FormatException

Also, the report generated but only had the "FirewallRulesetNew" column, which was empty. Then I noticed that it didn't have a FirewallRulesetOld column so I added it to the script but it still failed with the same error, although it now has that column in the report and it too is empty. Could this just be that there's no way to properly display the syslog ruleset value?

Re: Enable syslog and ports in ESXi firewall after configuring syslog.

LucD — Sat, 17 Dec 2022 09:02:42 GMT

There are a couple of mistakes in there.
The reload and refresh methods do not require arguments.
You should suppress the Booleans returned from entering in your CSV by redirecting the result to Out-Null
The firewall list method only has a Name and Enabled property in the returned object.

Get-VMHost -PipelineVariable esx | ForEach-Object -Process { $sLog = @{ loghost = 'tcp://server.com:1514' } $esxcli = Get-EsxCli -VMHost $esx -V2 $old = $esxcli.system.syslog.config.get.Invoke() $old2 = $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = 'syslog' }) if ($esxcli.system.syslog.config.set.Invoke($sLog)) { $esxcli.system.syslog.reload.Invoke() | Out-Null if ($esxcli.network.firewall.ruleset.set.Invoke(@{rulesetid = 'syslog'; enabled = $true })){ $esxcli.network.firewall.refresh.Invoke() | Out-Null New-Object -TypeName PSObject -Property ([ordered]@{ vCenter = ([uri]$esx.ExtensionData.Client.ServiceUrl).Host VMHost = $esx.Name SyslogOld = $old.RemoteHost SyslogNew = $esxcli.system.syslog.config.get.Invoke().RemoteHost FirewallRulesetOld = $old2.Enabled FirewallRulesetNew = $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = 'syslog' }).Enabled }) } } else { Write-Error "Syslog configuration failed on $($esx.Name)" } } | Export-Csv -Path "c:\file.csv" -NoTypeInformation -UseCulture

Re: Enable syslog and ports in ESXi firewall after configuring syslog.

BBB36 — Mon, 19 Dec 2022 17:35:18 GMT

Thank you as usual @LucD . The script works by specifying TRUE or FALSE for FirewallRulesetOld and FirewallRulesetNew now. Sincerely appreciated!