Hello,

Syslog uses UDP port 514 <== Standard

Reliable Syslog Service uses UDP/TCP ports 601.

You need to enable this for outgoing. You would use:

esxcfg-firewall -o 514,udp,out,SYSLOG

Best regards,

Edward

We have setup a separate loghost running linux and then parse the logs it receives from all the ESX servers with an open source log checker. The log checker sends email every hour that contains log entries that we have chosen not to ignore. Here is what our /etc/syslog.conf looks like on a VI 3.0.1 server. The 123.45.67.89 address is where you would put your loghost address. The cut and paste may jam the lines together in the example below but you will still be able to get an idea.

\# Log all kernel messages to the console.

\# Logging much else clutters up the screen.

#kern.* /dev/console

\# Log anything (except mail) of level info or higher.

\# Don't log private authentication, cron, or vmkernel messages!

*.info;mail.none;authpriv.none;cron.none;local6.none;local5.none /var/log/messages

*.info;mail.none;authpriv.none;cron.none;local6.none;local5.none @123.45.67.89

\# The authpriv file has restricted access.

authpriv.* /var/log/secure

authpriv.* @123.45.67.89

\# Log all the mail messages in one place.

mail.* /var/log/maillog

mail.* @123.45.67.89

\# Log cron stuff

cron.* /var/log/cron

cron.* @123.45.67.89

\# Everybody gets emergency messages

*.emerg *

*.emerg *

\# Save news errors of level crit and higher in a special file.

uucp,news.crit /var/log/spooler

uucp,news.crit @123.45.67.89

\# Save boot messages also to boot.log

local7.* /var/log/boot.log

local7.* @123.45.67.89

#send all local6.info messages to special summary log only.

local6.info;local6.!notice /var/log/vmksummary

local6.info;local6.!notice @123.45.67.89

#send all local6.warning messages to warnings logs.

local6.warning /var/log/vmkwarning

local6.warning @123.45.67.89

#send all local6.notice and higher messages to vmkernel log.

local6.notice /var/log/vmkernel

local6.notice @123.45.67.89

#send all userworld proxy messages to proxy log

local5.* /var/log/vmkproxy

local5.* @123.45.67.89

#send all storage monitor related messages to storageMonitor log

local4.* /var/log/storageMonitor

local4.* @123.45.67.89

So I assume your syslog.conf file looks similar to ours. Sorry to ask the obvious but did you look through the man page on syslogd for clues on how loghosting works? Wish I could be more help.

Hello,

I imagine it is more an issue with 'logger' than syslog....

Do something that forces a normal kernel log message.... For example mount an iso using the loop back device.

mount -o loop Name.iso directoryName

Then umount the device. It will add a kernel log message without using logger.

Best regards,

Edward

I tried it on several of our linux servers and the output goes to /var/log/messages when you issue logger -p kern.info TEST.

If you change it to logger -p local7.info TEST then it goes to /var/log/boot.log

logger -p local6.warning TEST will write to /var/log/vmkwarning and /var/log/vmkernel

logger -p local6.notice TEST will write to /var/log/vmkernel only

Could it be that your issue with kernel.info is that anything that is *.info will go to /var/log/messages?

You can also use the -t option to force the "appearance" of whichever facility you like regardless of the actual facility the message is routed through.

\[root@vmhost root]# logger -p local0.notice -t VMware.Admin foo && tail -1 /var/log/messages

Jun 15 11:53:38 vmhost VMware.Admin: foo

\[root@vmhost root]#

Optionally, to avoid syslogd handling and routing of the message, you can use the -f switch to write directly to a file or the -u option to submit it via socket to a remote syslog daemon.