Hi All,
I have an ESXi 7 host and I am trying to set up syslog so it will log to a remote host.
I have attached a pic of my ESXi settings. There don't seem to be many steps required for setting this up, but it's not working. Does this look correct or am I missing something?
This host is standalone, not added to any vCenter if that makes a difference.
Those were really all the steps I completed. I can ping the remote host but cannot netcat on port 514, should I be getting a succeeded response?
The remote host is a CentOS host and ArcSight is being used to collect/view the logs. I am not familiar with how ArcSight works, but are there any other steps required on the ESXi side to set up syslog? Or are there any known issues with ESXi 7.0 syslog?
Commands I used:
esxcli system syslog config get
esxcli system syslog config set --loghost="udp://192.168.1.2:514"
esxcli system syslog reload
esxcli network firewall ruleset list --ruleset-id=syslog
esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
esxcli network firewall refresh
Appreciate the help
Ciao
The command nc must give you a positive answer:
Are the ESXi host and the syslog server in the same network / VLAN?
Are there no other firewalls in the way?
From another PC / server, are you able to communicate on UDP port 514 of the syslog server?
To configure my ESXi hosts I use this PowerCLI script:
# Connect to the ESXi host or vCenter before querying hosts
Connect-VIServer
$vmHosts = Get-VMHost
$remoteSyslog = 'udp://<syslogserver>'
$syslogPort = '514'
# Show current config
$vmHosts | ForEach-Object {
    Write-Host $_.Name
    Get-VMHostSysLogServer -VMHost $_
}
# Set syslog config in hypervisors
$vmHosts | ForEach-Object {
    Write-Host $_.Name
    # Build "udp://<syslogserver>:514" as a single string argument
    Set-VMHostSysLogServer -SysLogServer "${remoteSyslog}:${syslogPort}" -VMHost $_
}
# Restart syslog and set the allow rules in the ESXi
$vmHosts | ForEach-Object {
    Write-Host $_.Name
    # Fetch the esxcli interface once per host and reuse it
    $esxcli = Get-EsxCli -V2 -VMHost $_
    $esxcli.system.syslog.reload.Invoke()
    $esxcli.network.firewall.ruleset.set.Invoke(@{rulesetid='syslog'; enabled=$true})
    $esxcli.network.firewall.refresh.Invoke()
}
# Show current config
$vmHosts | ForEach-Object {
    Write-Host $_.Name
    Get-VMHostSysLogServer -VMHost $_
}
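
For the UDP 514 check discussed in this thread: UDP has no handshake, so delivery is confirmed on the receiving side. This is an added example, not code from either poster; it is a small Python listener for the CentOS host that reports the first syslog datagram it sees, and the function names, script name and sample message are constructed for illustration.

```python
import socket
import sys
import time

def parse_pri(datagram: bytes):
    """Return (facility, severity) from the leading <PRI> field, or None."""
    if not datagram.startswith(b"<") or b">" not in datagram[:5]:
        return None
    digits = datagram[1:datagram.index(b">")]
    if not digits.isdigit() or int(digits) > 191:
        return None
    pri = int(digits)
    return pri >> 3, pri & 7

def wait_for_syslog(sock, expected_src=None, timeout=10.0):
    """Return the first datagram (optionally only from expected_src) or None."""
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return None
        sock.settimeout(remaining)
        try:
            data, (src, _port) = sock.recvfrom(8192)
        except socket.timeout:
            return None
        if expected_src in (None, src):  # ignore datagrams from other senders
            return {"src": src, "pri": parse_pri(data),
                    "text": data.decode("utf-8", "replace").rstrip()}

def loopback_selftest():
    """Send one constructed message to a listener on 127.0.0.1 and return it."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))  # ephemeral port, no root needed
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Constructed sample line, not captured from a real ESXi host.
    tx.sendto(b"<14>2024-01-01T00:00:00Z esxi01 Hostd: constructed test", rx.getsockname())
    try:
        return wait_for_syslog(rx, expected_src="127.0.0.1", timeout=2.0)
    finally:
        rx.close()
        tx.close()

if __name__ == "__main__":
    # Usage: python3 syslog_probe.py <port> [esxi-ip]  (ports below 1024 need root)
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 514
    src = sys.argv[2] if len(sys.argv) > 2 else None
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("0.0.0.0", port))  # "Address already in use": a collector owns the port
    print(wait_for_syslog(s, expected_src=src, timeout=60.0) or "nothing received")
```

With the listener running, `esxcli system syslog mark --message="test"` on the ESXi host writes a marker line that should arrive within the timeout. If nothing arrives, the datagrams are being dropped between the two hosts or by the receiver's own firewall.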