I have a ESXi standalone 6.7 server & I'm trying to get syslog to work, but all attempts have failed so far.
Here's my vmsyslog.conf file, and the syslog server name is resolving.
What am I missing?
Thanks
--Andrew
[root@vmware6:/var/log] cat /etc/vmsyslog.conf
[DEFAULT]
drop_log_size_kb = 100
logdir = /scratch/log
rotate = 8
check_ssl_certs = true
default_timeout = 180
logdir_unique = false
size = 1024
loghost = udp://syslog.z.com:514
queue_drop_mark = 90
drop_log_rotate = 10
[vmsyslog]
rotate = 8
size = 1024
loghost = udp://syslog.z.com:514
[root@vmware6:/var/log] ping syslog.z.com
PING syslog (192.168.240.13): 56 data bytes
64 bytes from 192.168.240.13: icmp_seq=0 ttl=64 time=0.149 ms
64 bytes from 192.168.240.13: icmp_seq=1 ttl=64 time=0.294 ms
Hi,
You must enabled firewall with this command line.
# esxcli network firewall ruleset set --enabled true --ruleset-id=syslog
Please mask as resolve.
Thank you,
Are you following the steps provide din below doc to configure syslog on esxi 6.7 :
Configure Syslog on ESXi Hosts
Could you also help me understand if you are getting any errors while configuring syslog.
regards
Gayathri
I don't see any errors.
[root@vmware6:~] esxcli system syslog config get
Default Network Retry Timeout: 180
Dropped Log File Rotation Size: 100
Dropped Log File Rotations: 10
Enforce SSLCertificates: true
Local Log Output: /scratch/log
Local Log Output Is Configured: true
Local Log Output Is Persistent: true
Local Logging Default Rotation Size: 1024
Local Logging Default Rotations: 8
Log To Unique Subdirectory: false
Message Queue Drop Mark: 90
Remote Host: udp://syslog.z.com:514
[root@vmware6:~] esxcli system syslog reload
[root@vmware6:~]
Hi,
Verify your Firewall from esxi to syslog.
# esxcli network firewall ruleset list --ruleset-id=syslog
# esxcli network firewall ruleset rule list --ruleset-id=syslog
# esxcli network firewall ruleset allowedip list --ruleset-id=syslog
Thank you,
[root@vmware6:~] esxcli network firewall ruleset list --ruleset-id=syslog
Name Enabled
------ -------
syslog false
[root@vmware6:~] esxcli network firewall ruleset rule list --ruleset-id=syslog
Ruleset Direction Protocol Port Type Port Begin Port End
------- --------- -------- --------- ---------- --------
syslog Outbound UDP Dst 514 514
syslog Outbound TCP Dst 514 514
syslog Outbound TCP Dst 1514 1514
[root@vmware6:~] esxcli network firewall ruleset allowedip list --ruleset-id=syslog
Ruleset Allowed IP Addresses
------- --------------------
syslog All
Do I need to open the firewall for syslog? How do I do that? I'm very new to vmware.
I did the following, seems to have fixed it.
esxcli network firewall ruleset set --ruleset-id syslog --enabled true
esxcli network firewall ruleset allowedip list --ruleset-id syslog
Hi,
You must enabled firewall with this command line.
# esxcli network firewall ruleset set --enabled true --ruleset-id=syslog
Please mask as resolve.
Thank you,