Solved: Re: syslog problems

meadrocks · ‎09-19-2018

I have a ESXi standalone 6.7 server & I'm trying to get syslog to work, but all attempts have failed so far.

Here's my vmsyslog.conf file, and the syslog server name is resolving.

What am I missing?

Thanks

--Andrew

[root@vmware6:/var/log] cat /etc/vmsyslog.conf

[DEFAULT]

drop_log_size_kb = 100

logdir = /scratch/log

rotate = 8

check_ssl_certs = true

default_timeout = 180

logdir_unique = false

size = 1024

loghost = udp://syslog.z.com:514

queue_drop_mark = 90

drop_log_rotate = 10

[vmsyslog]

rotate = 8

size = 1024

loghost = udp://syslog.z.com:514

[root@vmware6:/var/log] ping syslog.z.com

PING syslog (192.168.240.13): 56 data bytes

64 bytes from 192.168.240.13: icmp_seq=0 ttl=64 time=0.149 ms

64 bytes from 192.168.240.13: icmp_seq=1 ttl=64 time=0.294 ms

Marmotte94 · ‎09-20-2018

Hi,

You must enabled firewall with this command line.

# esxcli network firewall ruleset set --enabled true --ruleset-id=syslog

Please mask as resolve.

Thank you,

Please, visit my blog http://www.purplescreen.eu/

View solution in original post

GayathriS · ‎09-19-2018

Are you following the steps provide din below doc to configure syslog on esxi 6.7 :

Configure Syslog on ESXi Hosts

Could you also help me understand if you are getting any errors while configuring syslog.

regards

Gayathri

meadrocks · ‎09-20-2018

I don't see any errors.

[root@vmware6:~] esxcli system syslog config get

Default Network Retry Timeout: 180

Dropped Log File Rotation Size: 100

Dropped Log File Rotations: 10

Enforce SSLCertificates: true

Local Log Output: /scratch/log

Local Log Output Is Configured: true

Local Log Output Is Persistent: true

Local Logging Default Rotation Size: 1024

Local Logging Default Rotations: 8

Log To Unique Subdirectory: false

Message Queue Drop Mark: 90

Remote Host: udp://syslog.z.com:514

[root@vmware6:~] esxcli system syslog reload

[root@vmware6:~]

Marmotte94 · ‎09-20-2018

Hi,

Verify your Firewall from esxi to syslog.

# esxcli network firewall ruleset list --ruleset-id=syslog

# esxcli network firewall ruleset rule list --ruleset-id=syslog

# esxcli network firewall ruleset allowedip list --ruleset-id=syslog

Thank you,

Please, visit my blog http://www.purplescreen.eu/

meadrocks · ‎09-20-2018

[root@vmware6:~] esxcli network firewall ruleset list --ruleset-id=syslog

Name Enabled

------ -------

syslog false

[root@vmware6:~] esxcli network firewall ruleset rule list --ruleset-id=syslog

Ruleset Direction Protocol Port Type Port Begin Port End

------- --------- -------- --------- ---------- --------

syslog Outbound UDP Dst 514 514

syslog Outbound TCP Dst 514 514

syslog Outbound TCP Dst 1514 1514

[root@vmware6:~] esxcli network firewall ruleset allowedip list --ruleset-id=syslog

Ruleset Allowed IP Addresses

------- --------------------

syslog All

Do I need to open the firewall for syslog? How do I do that? I'm very new to vmware.

meadrocks · ‎09-20-2018

I did the following, seems to have fixed it.

esxcli network firewall ruleset set --ruleset-id syslog --enabled true

esxcli network firewall ruleset allowedip list --ruleset-id syslog

Marmotte94 · ‎09-20-2018

Hi,

You must enabled firewall with this command line.

# esxcli network firewall ruleset set --enabled true --ruleset-id=syslog

Please mask as resolve.

Thank you,

Please, visit my blog http://www.purplescreen.eu/