VMware Cloud Community
TheVMinator
Expert

Syslog source files

When ESXi sends output via syslog to a syslog server, which log files within ESXi does it pull from to gather syslog events to send?

0 Kudos
4 Replies
CoolRam
Expert

It depends upon where you configured the syslog in the remote host; otherwise it is logged locally in /var/log/syslog.

If you find any answer useful, please mark the answer as correct or helpful.
0 Kudos
TheVMinator
Expert

I'm looking to find out of all the logs that are listed here:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203207...

When I configure ESXi to forward syslog to a syslog server, of all the log files listed here, what information is included?

Are all the other log files included in syslog.log?

If only the info in some other log files is included in syslog.log, what info from what other log files is included in syslog.log?

When the syslog server receives logs from ESXi, is it receiving ONLY the logs that are written to syslog.log?

Thanks!

0 Kudos
UmeshAhuja
Commander

Hi,

Each ESXi host generates a large number of component logs. In an average day with default logging settings, each host generates ~250 MB of data. Even with a relatively small number of hosts, querying this log data when troubleshooting a problem quickly becomes very difficult, and correlating the information even more so.
Therefore, if you are tasked with maintaining hundreds or even thousands of ESXi hosts and other data center devices, managing logs locally can become impossible. Fortunately, there is a straightforward solution to this problem: a centralized syslog service.


Each ESXi host runs a local syslog daemon called vmsyslogd, which provides the standard mechanism for logging messages from the VMkernel, and other system components, to a centralized syslog target. By default in ESXi, logs are stored on a local scratch volume or in RAMdisk depending on the host's installation device and configuration. To preserve the logs in a centralized location, the ESXi hosts and other devices need to be configured to send their logs across the network directly to a central syslog server or alternatively, to a syslog aggregation server, which in turn forwards the syslog messages to the centralized location.

Therefore, syslog is the method by which computer devices can send event messages to a logging server, known as the syslog server. The syslog protocol is supported by a range of computer devices, but the focus of this paper is the use of syslog to forward vSphere based logs to a centralized logging server for analysis, troubleshooting, and security auditing.

Thanks n Regards
Umesh Ahuja

If your query is resolved, then please consider awarding points by correct or helpful marking.
0 Kudos
akarydas2
Enthusiast

Hello

I had a look in the documentation, but they don't specify exactly.

I assume that the syslog messages you receive are from the services listed:

esxcli system syslog config logger list

And I can confirm at least for most of them that I receive them on my syslog server.

I don't think there is a choice to specify the severity you want them to be forwarded to your syslog server but I am still looking for it.

Best Regards

0 Kudos
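An added example (not from any poster in this thread, and not VMware code): one way to check on the receiving syslog server which ESXi components are actually arriving, by tallying the program tag of each received line per host and decoding its severity from the PRI value. The `<PRI>TIMESTAMP HOST TAG: message` layout, the sample lines, the host name and the expected-logger list are constructed assumptions, as is matching tags to logger ids case-insensitively; substitute the ids from your own `esxcli system syslog config logger list` output.

```python
import re
from collections import Counter, defaultdict

# <PRI>TIMESTAMP HOST TAG[pid]: message  (layout assumed; adjust to your receiver)
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\S+)\s+(?P<host>\S+)\s+"
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?:\s?(?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_line(line):
    """Return a dict for one received line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    return {"host": m.group("host"), "tag": m.group("tag"),
            "facility": pri >> 3, "severity": SEVERITIES[pri & 7]}

def coverage(lines, expected_loggers):
    """Tally received tags per host and list expected loggers never seen."""
    seen = defaultdict(Counter)
    rejected = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1  # unparseable lines are counted, not silently dropped
            continue
        seen[rec["host"]][rec["tag"].lower()] += 1
    missing = {h: sorted(set(expected_loggers) - set(tags)) for h, tags in seen.items()}
    return dict(seen), missing, rejected

# Constructed sample input, not captured from a real host.
SAMPLE = [
    "<166>2014-03-02T10:15:01.120Z esx01.example.test Hostd: [2A0C] Task created",
    "<166>2014-03-02T10:15:02.481Z esx01.example.test Vpxa: [FFB7] heartbeat",
    "<181>2014-03-02T10:15:03.007Z esx01.example.test vmkernel: cpu2:4100)NMP: path ok",
    "<14>2014-03-02T10:15:04.900Z esx01.example.test shell[5120]: Interactive shell started",
    "not a syslog line",
]
EXPECTED = ["hostd", "vpxa", "vmkernel", "shell", "vobd"]  # constructed list

if __name__ == "__main__":
    seen, missing, rejected = coverage(SAMPLE, EXPECTED)
    for host, tags in seen.items():
        print(host, dict(tags), "missing:", missing[host], "rejected:", rejected)
```

A logger that stays in the "missing" list over a long enough window is either idle on that host or not being forwarded, which is the gap worth investigating before relying on the central copy for auditing.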