Re: ESXi syslog collector remote location

netanelpe · ‎11-17-2022

Hey guys,
I'm trying to setup a remote syslog collector server which will forward it to Sentinel.

I have a Linux machine already set up and an ESXi that i've changed the Syslog.global.logHost to my remote machine.
My question is where the actual logs are going to be saved on the remote machine?
Should I also edit the Syslog.global.logDir to my desired folder on the remote machine?

I was using this guide.
Configuring syslog on ESXi (2003322) (vmware.com)

virtualinca · ‎11-17-2022

Hi @netanelpe

you don't have to specify the path. Just be sure that you configured ingestion on a Sentinel.

Regards

Alex

netanelpe · ‎11-17-2022

@virtualinca @lek Thanks for the quick reply but the logs are just being forwarded through the machine? It doesn't save it anywhere on the Linux machine
Or am I missing something?

virtualinca · ‎11-17-2022

Are you using rsyslog on a Linux VM? The rsyslog service keeps various log files in the /var/log directory. Check if you have any logs within /var/log or /var/log/syslog. You can use the following command: cat /var/log/syslog | grep <fqdn ESXi/IP> | more

Configured Log Analytics Agent forwards logs to Azure, but you have to configure it first. -> Collect Syslog data sources with the Log Analytics agent in Azure Monitor - Azure Monitor | Microsof...

If it helped, don't forget kudos 😉

netanelpe · ‎11-21-2022

Hey,
I'm using the Azure Agent to forward the logs so I will just check sentinel.
Just wanted to make sure if any data is being written to the vm itself and where.

virtualinca · ‎11-29-2022

No worries, if this was helpful please click on a like button.

All

ESXi syslog collector remote location