AlbertWT
Virtuoso
Virtuoso

Best practice to store the System Logs for all of the newly upgraded ESXi hosts ?

Jump to solution

Hi People,

What are the options and best practice for the System Logs for all of the newly upgraded ESXi 5.1u1 hosts ?

Do I need to have Syslog server or this can be ignored safely ?

Thanks

/* Any kind of comment or input would be greatly appreciated */
Tags (2)
1 Solution

Accepted Solutions
Gortee
Hot Shot
Hot Shot

Evening,

Syslog is prefered but VMware has provided a syslog collector on the vcenter install disk that can be installed on any windows host or on your vcenter. I cannot count the number of times I have had hosts psod and the logs lost... thank goodness for the syslog that collects right up to the crash.  It's not required but it's a really good idea without any real cost since you can use your vcenter host.

Here is a article on how to install it:

Setting up the ESXi Syslog Collector | VMware vSphere Blog - VMware Blogs

Thanks

Joseph Griffiths http://blog.jgriffiths.org @Gortees VCDX-DCV #143

View solution in original post

8 Replies
MarVista
Enthusiast
Enthusiast

Hi,

To have a Syslog server is more preferable, in any case,

Because centralized managing hosts more flexible and comfortable to do.

Yours,
Mar Vista

0 Kudos
AlbertWT
Virtuoso
Virtuoso

Thanks man for the reply,

So it is a must for the ESXi 5.1 ? because I do not have it in my current Windows environment for all of my ESX & ESXi 4.1

/* Any kind of comment or input would be greatly appreciated */
0 Kudos
Gortee
Hot Shot
Hot Shot

Evening,

Syslog is prefered but VMware has provided a syslog collector on the vcenter install disk that can be installed on any windows host or on your vcenter. I cannot count the number of times I have had hosts psod and the logs lost... thank goodness for the syslog that collects right up to the crash.  It's not required but it's a really good idea without any real cost since you can use your vcenter host.

Here is a article on how to install it:

Setting up the ESXi Syslog Collector | VMware vSphere Blog - VMware Blogs

Thanks

Joseph Griffiths http://blog.jgriffiths.org @Gortees VCDX-DCV #143

View solution in original post

AlbertWT
Virtuoso
Virtuoso

Thanks man, I appreciate your assistance and clarification.

I assume that 40 GB dedicated 😧 drive on the VCenter VM is sufficient to store the logs for 55 VMHost.

/* Any kind of comment or input would be greatly appreciated */
0 Kudos
Gortee
Hot Shot
Hot Shot

I'll be honest that vmware logs are very very chatty.   I am not sure how much space you will need just make it a dynamic disk so you can expand it in Windows later Smiley Happy 

On my main production cluster I have 9 nodes running around 700 virtual machine and I do about 2GB's a day of logs in vmware.

But 40 should at least store the last 12 hours without any issues.

Thanks

Joseph Griffiths http://blog.jgriffiths.org @Gortees VCDX-DCV #143
AlbertWT
Virtuoso
Virtuoso

Gortee,

I guess this can be set in the ESXi Syslog setting somehow to roll the log more often let say every 24 hrs to prevent log buildup.

/* Any kind of comment or input would be greatly appreciated */
0 Kudos
Gortee
Hot Shot
Hot Shot

Sorry I should have made that more clear it can be done when installed or afterwards.  I personally don't use the log collector because we have Linux based central syslogs in my environment plugged into splunk.  But you can choose how long to keep them and max size of the logs before they rotate:

If afterwards look at this article:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=202165...

Joseph Griffiths http://blog.jgriffiths.org @Gortees VCDX-DCV #143
grasshopper
Virtuoso
Virtuoso

If you just want to collect the data and not do much with it, then the basic VMware syslog that comes on the vCenter installation ISO works just fine.  If you want to take it to the next level and proactively use this data then I would go for a product like splunk or better yet, VMware LogInsight (a bit pricey like all solutions but worth every penny IMO).

Running out of space won't be an issue on the LogInsight appliance.  If expansion is needed, you can easily just add another vmdk to the virtual appliance and reboot it.  It will then do all the LVM work to increase the disk size for you.  You can also archive aging logs automatically to NFS for example.

To start using LogInsight just deploy the virtual appliance and add your vCenter.  Next configure your ESXi hosts to use the appliance for their syslog.  This can be done via the vSphere client, using a tool provided by LogInsight, or the most fun and satisfying of course is using a PowerCLI command like this.

PS - The following is a pretty good pdf about sizing syslog solutions in general.  Although this is from a company that sells syslog products, they did a great job of being vendor agnostic.

http://content.solarwinds.com/creative/pdf/Whitepapers/estimating_log_generation_white_paper.pdf