VMware Cloud Community
Uday1990
Contributor
Contributor
‎04-07-2022 02:49 AM

Enable SNMP and Syslog on entire cluster

Hi All,

 

Could you please share any script to enable SNMP and Syslog on the entire cluster?

 

Thanks

0 Kudos
4 Replies
scott28tt
VMware Employee
VMware Employee
‎04-07-2022 03:27 AM

On the assumption that you meant with PowerCLI for a vSphere cluster, I've reported your thread so moderators should move it to the correct area.

You should definitely search the PowerCLI area though, the likelihood is that you're not the first person to have such a requirement.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
0 Kudos
ObjectifDubai
Enthusiast
Enthusiast
‎04-07-2022 04:56 AM

Hello,

Are you talking about the syslog of the ESXIs constituting your Cluster?
If so, you can use this command to configure the syslog of your ESXIs

 

 

Get-AdvancedSetting -Entity (Get-cluster -name mycluster | Get-VMHost) -Name syslog.global.logHost | 
Set-AdvancedSetting -Value 'udp://mon-syslog.domaine.fr:514' -Confirm:$false

 

 

 

 

Then if you want to check the configuration of your ESXIs:

 get-vmhost | select name, @{N='Exception';E={($_ | Get-VMHostFirewallException -Name syslog).name}},@{N='Enabled';E={($_ | Get-VMHostFirewallException -Name syslog).enabled}} | Format-Table -AutoSize
 
Name                   Exception   Enabled
----                       ---------          -------
esxi1.domaine.fr   syslog         True
esxi2.domaine.fr   syslog         True
esxi3.domaine.fr   syslog         True

 

0 Kudos
Uday1990
Contributor
Contributor
‎04-07-2022 06:10 AM

Hi,

 

Can we add a network firewall ruleset with this command?

 

Thanks

0 Kudos
ObjectifDubai
Enthusiast
Enthusiast
‎04-07-2022 07:13 AM

HI,

If you want to act on the ESXI firewall, i think you should use the cmdlets:

  • Get-VMHostFirewallException
  • Set-VMHostFirewallException

 

For Example, to enable or disable the "SSH Client" port: : 

 

# Enable
Get-vmhost -name MonEsxi | Get-VMHostFirewallException -Name "SSH CLIENT" |Set-VMHostFirewallException -Enabled $true
#
# disable
Get-vmhost -name MonEsxi | Get-VMHostFirewallException -Name "SSH CLIENT" |Set-VMHostFirewallException -Enabled $false
#

 

 

 

 

 

 

 

For SNMP  :

 

 

PS C:> Get-vmhost -name myEsxi1* | Get-VMHostFirewallException -Name SNMP*

Name                 Enabled IncomingPorts  OutgoingPorts  Protocols  ServiceRunning 
----                 ------- -------------  -------------  ---------  -------------- 
SNMP Server          True    161                           UDP        False          



PS C:> Get-vmhost -name myEsxi1* | Get-VMHostFirewallException -Name "SNMP Server" | Set-VMHostFirewallException -Enabled $false

Name                 Enabled IncomingPorts  OutgoingPorts  Protocols  ServiceRunning 
----                 ------- -------------  -------------  ---------  -------------- 
SNMP Server          False   161                           UDP        False          



PS C:> Get-vmhost -name myEsxi1* | Get-VMHostFirewallException -Name "SNMP Server" | Set-VMHostFirewallException -Enabled $true

Name                 Enabled IncomingPorts  OutgoingPorts  Protocols  ServiceRunning 
----                 ------- -------------  -------------  ---------  -------------- 
SNMP Server          True    161                           UDP        False

 

 

 

 

 

 

0 Kudos