Re: esxi 5.1 - sending logs to vmware syslog serve...

TedH256 · ‎10-09-2012

I have the vmware syslog service installed on the vcenter server (and I chose the "integrated with vcenter" option when I installed it).

What do I need to do, in order to have my hosts send their logging info to this syslog server?

I can see the syslog.global.loghost setting in Advanced System Settings for each host - but, I am not certain what to populate that field with. Also, is this the only field that I have to configure in order to enable basic syslogging to the vcenter/syslog server?

Should I just put the host name in the field? Do I need to put ssl://hostname:514 as one of the examples given in the field "help", or do I use HTTP or ... what, exactly is the url I should use?

Ted

TedH256 · ‎10-09-2012

just to be clear, I have read "the manual", and all I can find is this:

"Syslog.global.LogHost

Remote host to which syslog messages are forwarded and port on which the remote host receives syslog messages. You can include the protocol and the port, for example,ssl://hostName1:514. UDP (default), TCP, and SSL are supported. The remote host must have syslog installed and correctly configured to receive the forwarded syslog messages. See the documentation for the syslog service installed on the remote host for information on configuration."

but there does not seem to be a syslog document available that describes how to write to the vmware syslog service ....

MarekZdrojewski · ‎10-09-2012

Hi,

Try this in the Syslog.global.logHost: udp://<IP_address_or_FQDN_of_your_vCenterServer>:514

hth

Cheers!

| Blog: https://defaultreasoning.com | Twitter: @MarekDotZ |

TedH256 · ‎10-09-2012

Excellent -

do you know if there is actually a document that discusses configuring/using the vmware syslog server? I cannot find it referenced anywhere in the vsphere 5.x document set.

So if I simply put the value you offerered in that one property - then that's it - all of that hosts logging will go to the syslog server instead of locally? Is it possible to have the syslogs written BOTH locally and to syslog?

Thank you!

TedH256 · ‎10-09-2012

ps - where do these logs get stored? How do I access them when/if I need to? Are they all jumbled up together (ie, the logs from each of my hosts)?

MarekZdrojewski · ‎10-09-2012

Well, all info you need to install and configure the syslog is in the vSphere Installation and Setup guide. Try to google it, there are a lot good blogs about how to do it step-by-step

Yes, just put the string in the field and hosts will send logs to the syslog server. Afaik, you cannot mix it.

hth

Regards.

| Blog: https://defaultreasoning.com | Twitter: @MarekDotZ |

MarekZdrojewski · ‎10-09-2012

The logs are stored in the directory you entered during the installation of the syslog server on your vCenter Server. Default is C:\Program Data\VMware\VMware Syslog Collector\Data. Every host will, by default, create its own directory in the data folder and store the logs in text file format there.

Give it a try

Don't forget to check if the syslog port is open on your vCenter Server and the hosts.

hth

Cheers!

| Blog: https://defaultreasoning.com | Twitter: @MarekDotZ |

Asru · ‎10-23-2012

Can the folder names be changed? All our hosts are added to inventory using hostnames; on syslog collector overview page the list sees the hosts with the hostnames, however, they are all logging to "\IP_instead_of_hostname".

Thanks.

kanamarlapudia · ‎01-09-2013

I have a query on the same subject. We have ESXi 5.1 environment and I have configured Syslog Collector on the VCenter server and I can see the syslog.log created under the Host IP - subfolder.

But my query is about the other logs other than syslog.log..? For ex: fdm.log, vmkernel.log etc. Will they not be forwarded to Syslog collector Server..? Do I need to make any extra configuration to get these forwarded..?

Please can I get some help..?

Thanks

Ashok

All

esxi 5.1 - sending logs to vmware syslog server