Hi community, I'm trying to forward all ESXi-logs to my central log-server, but it does not work. I opened esxi-firewall, set-up Syslog.global.LogHost as tcp://10.0.0.171:514 but all I see on ...
See more...
Hi community, I'm trying to forward all ESXi-logs to my central log-server, but it does not work. I opened esxi-firewall, set-up Syslog.global.LogHost as tcp://10.0.0.171:514 but all I see on log-server (10.0.0.171) is: 2013-04-23T19:26:26+00:00 vs1-sys syslog-ng[1552]: Syslog connection accepted; fd='10', client='AF_INET(10.0.0.170:50036)', local='AF_INET(0.0.0.0:514)' 2013-04-23T19:26:26+00:00 vs1-sys syslog-ng[1552]: Invalid frame header; header='' 2013-04-23T19:26:26+00:00 vs1-sys syslog-ng[1552]: Syslog connection closed; fd='10', client='AF_INET(10.0.0.170:50036)', local='AF_INET(0.0.0.0:514)' And all I found on ESXi-server (10.0.0.170) in vobd.log is: 2013-04-23T19:26:48.126Z: [GenericCorrelator] 7587675368us: [vob.user.vmsyslogd.remote.failure] The host "10.0.0.171:514" has become unreachable. Remote logging to this host has stopped. 2013-04-23T19:26:48.126Z: [UserLevelCorrelator] 7587675368us: [vob.user.vmsyslogd.remote.failure] The host "10.0.0.171:514" has become unreachable. Remote logging to this host has stopped. 2013-04-23T19:26:48.127Z: [UserLevelCorrelator] 7587675741us: [esx.problem.vmsyslogd.remote.failure] The host "10.0.0.171:514" has become unreachable. Remote logging to this host has stopped. So where is the problem? I know log-server works, it collects messages from a few servers without any problem. So the problem is somewhere in ESXi-server. BTW I noticed nearly all messages in ESXi-logs (locally saved to files) look strange. The have neither BSD (priority, header, message), nor IETF (header, data, message) format. This might be the problem. Log-server probably does not know how to process such messages...