VMware Cloud Community
AlbertWT
Virtuoso
Virtuoso
‎09-28-2010 08:42 PM
Jump to solution

ESXi logging, vMA OR Syslog server+Splunk ?

Hi Guys,

I'd like to know which one is better and the most widely used method for logging ESXi events ? using vMA or (syslog server+splunk) ?

because i had a bad experience in mysterious ESXi host restart and the diagnostic log doesn't seems to be continuous logging 😐 (eg. only available for events after the system restart) cmiiw.

Kind Regards,

AWT

/* Please feel free to provide any comments or input you may have. */
Tags (2)
0 Kudos
1 Solution

Accepted Solutions
Dave_Mishchenko
Immortal
Immortal
‎09-28-2010 10:25 PM
Jump to solution

Select the host, then go to Configuration > Softare > Advanced Settings. Browse down the list to syslog and open it up. The change takes affect right away.




Dave

VMware Communities User Moderator

Now available - vSphere Quick Start Guide

Do you have a system or PCI card working with VMDirectPath? Submit your specs to the Unofficial VMDirectPath HCL.

View solution in original post

0 Kudos
6 Replies
Dave_Mishchenko
Immortal
Immortal
‎09-28-2010 08:45 PM
Jump to solution

How many host do you have? The vMA isn't meant for an enterprise load and it's just collecting logs.

You can also configure ESXi to store logs on a datastore or if this is a fresh 4.1 install it will be configured to use the scratch drive for the syslog path.




Dave

VMware Communities User Moderator

Now available - vSphere Quick Start Guide

Do you have a system or PCI card working with VMDirectPath? Submit your specs to the Unofficial VMDirectPath HCL.

AlbertWT
Virtuoso
Virtuoso
‎09-28-2010 08:53 PM
Jump to solution

Thanks for your quick reply Dave,

I've got 5 servers ESXi 4.0 which runs on USB drive.

The reason is that so I can diagnose what may cause this server to reboot by itself.

/* Please feel free to provide any comments or input you may have. */
0 Kudos
Dave_Mishchenko
Immortal
Immortal
‎09-28-2010 10:19 PM
Jump to solution

I would just change the setting syslog.local.datastorepath to save the log files on a datastore. With the vMA you could store logs for a longer period, but that doesn't seem to be the primary need for you.




Dave

VMware Communities User Moderator

Now available - vSphere Quick Start Guide

Do you have a system or PCI card working with VMDirectPath? Submit your specs to the Unofficial VMDirectPath HCL.

AlbertWT
Virtuoso
Virtuoso
‎09-28-2010 10:22 PM
Jump to solution

Yes, it seems taht vMA is the way to go here Smiley Happy

last thing is.. how and where to change the attribute "syslog.local.datastorepath" that you mention before ?

Thanks.

Kind Regards,

AWT

/* Please feel free to provide any comments or input you may have. */
0 Kudos
Dave_Mishchenko
Immortal
Immortal
‎09-28-2010 10:25 PM
Jump to solution

Select the host, then go to Configuration > Softare > Advanced Settings. Browse down the list to syslog and open it up. The change takes affect right away.




Dave

VMware Communities User Moderator

Now available - vSphere Quick Start Guide

Do you have a system or PCI card working with VMDirectPath? Submit your specs to the Unofficial VMDirectPath HCL.

0 Kudos
AlbertWT
Virtuoso
Virtuoso
‎09-28-2010 10:33 PM
Jump to solution

Ah.. thanks Dave for your help, I appreciate it very much.

Cheers.

/* Please feel free to provide any comments or input you may have. */
0 Kudos