VMware Cloud Community
jfaranda1
Contributor
Contributor
‎06-28-2007 12:10 PM

Exporting ESX3 log files (syslog)

Hi All,

I am trying to export my ESX 3 logs files using syslog.conf to another Linux machine. I have succesfully set this up and I can get general information forwarded to my syslog server. However, I cannot get the vmware logs (/var/log/) to appear on the syslog server. Files and directories such as vmkernel, vmkproxy, vmksummary, etc...

I have a standard /etc/syslog.conf file and I added to the end:

\*.* @10.0.0.88

where 10.0.0.88 is the syslog server IP Address.

This setup does work, but I cannot get the vm logs to my server. Any ideas?

0 Kudos
7 Replies
Banshee
Enthusiast
Enthusiast
‎06-28-2007 01:53 PM

What is the outgoing port? Did you open this port in the firewall?

you can enable this by doing the following:

esxcfg-firewall -e sshClient ( If you are using ssh to connect)

or if you are using non standard ports use the following command line:

esxcfg-firewall -o 22,tcp,ssh (as an example)

Hope this solves your problem

greetz,

0 Kudos
jfaranda1
Contributor
Contributor
‎06-28-2007 01:59 PM

Hi,

It's not firewall related. I have the ESX server suucessfully contacting the syslog server, but it's not logging the vmware types: vmkernel, vmksummary, vmkwarning, etc...

How can I get ESX to successfully export the vmware type logs to the syslog server?

Thanks.

0 Kudos
Rudolf_Chytil
Contributor
Contributor
‎06-29-2007 05:43 AM

Hi, I'm in the same trouble. We want to use ESX 3. For security reasons I have to export VM logs to secure storage (to another machine). I have to watch independent-persistent/nonpersistent HDD mode parameter. I figured out remote share using smbmount, but it doesnt make a copy and actual log is unreadable until VM stops. Then I tryied to use FIFO called vmlog.log, but it is renamed every VM PowerOn. Is there any way to use syslog or to catch "PowerOn button click" event? Or is there any parametr in MyVirtualMachine.vmx like run.App="MyLogingScript" . Thanks in advance...

0 Kudos
Texiwill
Leadership
Leadership
‎06-29-2007 09:05 AM

Hello,

To allow syslog to send data remotely is a 2 part procedure.

1) Adding

\*.* @server

2) run

esxcfg-firewall -o 514,udp,out,syslog

If you do not do the last then it will not send data even if it appears to connect.

As for the vmware.log files being logged remotely. These do not use syslog so the syslog server can not be setup to do that without a script running. You could write a script that tails the vmware.log file and then pumps the output syslog using the logger shell command.

Best regards,

Edward

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
Rudolf_Chytil
Contributor
Contributor
‎07-10-2007 01:44 AM

Thanks Edward, I'm a step closer to finish this. I was wondering if there is a way to make vmware machines logging into linux pipe. I tryed to add parameter into myvirtualmachine.vmx st. like log.fileName="|/dev/vmlogpipe" but with no succes.

0 Kudos
Rudolf_Chytil
Contributor
Contributor
‎07-17-2007 10:58 PM

Following Edvard's tips, my logging works perfectly. I send vmkernel to pipe. Using head -n1 $PIPENAME to read vmkernel log and grep for "Starting world vmm0" to detect VM start. Then PID =`ps -ef | grep /usr/lib/vmware/bin/vmkload_app | grep $VMNAME.vmx | awk '\{print $2}'`

So I have PID of VM. Use tail with PID to read vmware.log and send it via logger to syslog.

0 Kudos
korman
Contributor
Contributor
‎10-19-2009 04:32 PM

How exactly did you export the /var/log/vmkernel to syslog?

0 Kudos