ESXi4.1 send syslog to multiple remote servers

mtcstle · ‎08-08-2011

We've been happily using a VMware vMA applicance to log our ESXi 4.1 host's syslog messages. Can we, in addition, send the syslog output to a 3rd party log aggregator on another machine?

I've read it is not possible with ESXi 3.5 but I thought ist was time to light up another thread on the topic.

Thanks

John

lamw · ‎08-08-2011

No, ESX(i) 4.x only supports forwarding to a single syslog host, you would need to send it to centralize aggregator of some sort to be able to send it out redundantly. With ESXi 5, you have the option to forwarding it to multiple syslog servers but the limitation with ESXi 4.x is still a single one.

An option, maybe not the most ideal is combine syslog forwarding AND vMA's vi-logger (which is not syslog, it uses the API to pull the logs, but very similiar in nature with syslog). This would "technically" give you 2 sources of the logs, but again it's more of a hack than anything else and as an FYI - with vMA 5, vi-logger functionality has been removed, so if you're going to rely on this solution long term, it's probably not a good idea

Huidobro · ‎03-01-2012

Hello lamw.
Thank you for your clear explanation.

Do you have a link to some VMware official documentation stating that in ESXi 4.1 just one SysLog target can be configured?

I've verified the setup guides, but they don't have clearly stated that just one SysLog target is possible.

I'm not doubting of your assertion (I've verified you are right), but I've to convince some managers that multiple SysLog targets aren't possible in ESXi 4.1.

Thanks and best regards.

lamw · ‎03-01-2012

I can't find any documentation that explicitly states that, all documentation only provides example for a single syslog server and as you've found there is no way to set it. If you need something official, I would reach out to your VMware rep and see if they can provide you with something if you need.

All

ESXi4.1 send syslog to multiple remote servers