VMware Cloud Community
TheVMinator
Expert
Expert
Jump to solution

Converting to Log Insight

A Few questions about converting log storage to log insight

-Is it possible to Install Log Insight and begin sending ESXi host logs to log insight, but also keep the copy on the local host at the same time?  In other words write every log entry both to the local host and to Log Insight?

-What are the caviats of making the changeover?  I want to make sure the transition is smooth so that no logs are lost if there is a hitch in the setup.  Are there risks here?

-If you write logs for ESXi hosts only to the log insight server What happens when the Log insight server goes down?  Are logs by default rerouted to the local host so that you don't lose log info in an outage that affects the log insight server?

Reply
0 Kudos
1 Solution

Accepted Solutions
sflanders
Commander
Commander
Jump to solution

ESX/ESXi supports both local and remote syslog. Information on how to configure each is available here: http://kb.vmware.com/kb/2003322. The recommendation is always to configure both local and remote syslog to ensure you have a copy of the data. There is no caveat of using remote syslog other than a known bug that remote syslog can stop working on certain version of ESXi (5.0 and 5.0U1 on UDP and every version of 5.0 and 5.1 on TCP). By default, local syslog is always configured, however if scratch space is not configured properly on the ESXi host then logs could be lost on reboot. Take a look at the KB article, it should outline everything you need.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===

View solution in original post

Reply
0 Kudos
2 Replies
sflanders
Commander
Commander
Jump to solution

ESX/ESXi supports both local and remote syslog. Information on how to configure each is available here: http://kb.vmware.com/kb/2003322. The recommendation is always to configure both local and remote syslog to ensure you have a copy of the data. There is no caveat of using remote syslog other than a known bug that remote syslog can stop working on certain version of ESXi (5.0 and 5.0U1 on UDP and every version of 5.0 and 5.1 on TCP). By default, local syslog is always configured, however if scratch space is not configured properly on the ESXi host then logs could be lost on reboot. Take a look at the KB article, it should outline everything you need.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
Reply
0 Kudos
TheVMinator
Expert
Expert
Jump to solution

OK great thanks!

Reply
0 Kudos