ESXi

 View Only

  • 1.  syslog problems

    Posted Sep 19, 2018 05:12 PM

    I have a ESXi standalone 6.7 server & I'm trying to get syslog to work, but all attempts have failed so far.

    Here's my vmsyslog.conf file, and the syslog server name is resolving.

    What am I missing?

    Thanks

    --Andrew

    [root@vmware6:/var/log] cat /etc/vmsyslog.conf

    [DEFAULT]

    drop_log_size_kb = 100

    logdir = /scratch/log

    rotate = 8

    check_ssl_certs = true

    default_timeout = 180

    logdir_unique = false

    size = 1024

    loghost = udp://syslog.z.com:514

    queue_drop_mark = 90

    drop_log_rotate = 10

    [vmsyslog]

    rotate = 8

    size = 1024

    loghost = udp://syslog.z.com:514

    [root@vmware6:/var/log] ping syslog.z.com

    PING syslog (192.168.240.13): 56 data bytes

    64 bytes from 192.168.240.13: icmp_seq=0 ttl=64 time=0.149 ms

    64 bytes from 192.168.240.13: icmp_seq=1 ttl=64 time=0.294 ms



  • 2.  RE: syslog problems

    Posted Sep 20, 2018 05:27 AM

    Are you following the steps provide din below doc to configure syslog on esxi 6.7 :

    Configure Syslog on ESXi Hosts

    Could you also help me understand if you are getting any errors while configuring syslog.

    regards

    Gayathri



  • 3.  RE: syslog problems

    Posted Sep 20, 2018 04:13 PM

    I don't see any errors.

    [root@vmware6:~] esxcli system syslog config get

       Default Network Retry Timeout: 180

       Dropped Log File Rotation Size: 100

       Dropped Log File Rotations: 10

       Enforce SSLCertificates: true

       Local Log Output: /scratch/log

       Local Log Output Is Configured: true

       Local Log Output Is Persistent: true

       Local Logging Default Rotation Size: 1024

       Local Logging Default Rotations: 8

       Log To Unique Subdirectory: false

       Message Queue Drop Mark: 90

       Remote Host: udp://syslog.z.com:514

    [root@vmware6:~] esxcli system syslog reload

    [root@vmware6:~]



  • 4.  RE: syslog problems

    Posted Sep 20, 2018 04:42 PM

    Hi,

    Verify your Firewall from esxi to syslog.

    #  esxcli network firewall ruleset list --ruleset-id=syslog

    #  esxcli network firewall ruleset rule list --ruleset-id=syslog

    # esxcli network firewall ruleset allowedip list --ruleset-id=syslog

    Thank you,



  • 5.  RE: syslog problems

    Posted Sep 20, 2018 05:09 PM

    [root@vmware6:~]  esxcli network firewall ruleset list --ruleset-id=syslog

    Name    Enabled

    ------  -------

    syslog    false

    [root@vmware6:~] esxcli network firewall ruleset rule list --ruleset-id=syslog

    Ruleset  Direction  Protocol  Port Type  Port Begin  Port End

    -------  ---------  --------  ---------  ----------  --------

    syslog   Outbound   UDP       Dst               514       514

    syslog   Outbound   TCP       Dst               514       514

    syslog   Outbound   TCP       Dst              1514      1514

    [root@vmware6:~] esxcli network firewall ruleset allowedip list --ruleset-id=syslog

    Ruleset  Allowed IP Addresses

    -------  --------------------

    syslog   All

    Do I need to open the firewall for syslog? How do I do that? I'm very new to vmware.



  • 6.  RE: syslog problems

    Posted Sep 20, 2018 05:45 PM

    I did the following, seems to have fixed it.

    esxcli network firewall ruleset set --ruleset-id syslog --enabled true

    esxcli network firewall ruleset allowedip list --ruleset-id syslog



  • 7.  RE: syslog problems
    Best Answer

    Posted Sep 20, 2018 06:20 PM

    Hi,

    You must enabled firewall with this command line.

    #  esxcli network firewall ruleset set --enabled true --ruleset-id=syslog

    Please mask as resolve.

    Thank you,