6 Replies Latest reply on Sep 20, 2018 11:19 AM by Marmotte94

    syslog problems

    meadrocks Lurker

      I have an ESXi standalone 6.7 server & I'm trying to get syslog to work, but all attempts have failed so far.

      Here's my vmsyslog.conf file, and the syslog server name is resolving.

      What am I missing?

      Thanks

       

      --Andrew

       

      [root@vmware6:/var/log] cat /etc/vmsyslog.conf
      [DEFAULT]
      drop_log_size_kb = 100
      logdir = /scratch/log
      rotate = 8
      check_ssl_certs = true
      default_timeout = 180
      logdir_unique = false
      size = 1024
      loghost = udp://syslog.z.com:514
      queue_drop_mark = 90
      drop_log_rotate = 10

      [vmsyslog]
      rotate = 8
      size = 1024
      loghost = udp://syslog.z.com:514

      [root@vmware6:/var/log] ping syslog.z.com
      PING syslog (192.168.240.13): 56 data bytes
      64 bytes from 192.168.240.13: icmp_seq=0 ttl=64 time=0.149 ms
      64 bytes from 192.168.240.13: icmp_seq=1 ttl=64 time=0.294 ms

        • 1. Re: syslog problems
          GayathriS Expert

          Are you following the steps provided in the doc below to configure syslog on ESXi 6.7:

          Configure Syslog on ESXi Hosts

           

          Could you also help me understand if you are getting any errors while configuring syslog.

           

          regards

          Gayathri

          • 2. Re: syslog problems
            meadrocks Lurker

            I don't see any errors.

             

            [root@vmware6:~] esxcli system syslog config get
               Default Network Retry Timeout: 180
               Dropped Log File Rotation Size: 100
               Dropped Log File Rotations: 10
               Enforce SSLCertificates: true
               Local Log Output: /scratch/log
               Local Log Output Is Configured: true
               Local Log Output Is Persistent: true
               Local Logging Default Rotation Size: 1024
               Local Logging Default Rotations: 8
               Log To Unique Subdirectory: false
               Message Queue Drop Mark: 90
               Remote Host: udp://syslog.z.com:514
            [root@vmware6:~] esxcli system syslog reload
            [root@vmware6:~]

            • 3. Re: syslog problems
              Marmotte94 Enthusiast
              vExpert

              Hi,

              Verify your Firewall from esxi to syslog.

              # esxcli network firewall ruleset list --ruleset-id=syslog
              # esxcli network firewall ruleset rule list --ruleset-id=syslog
              # esxcli network firewall ruleset allowedip list --ruleset-id=syslog

               

              Thank you,

              • 4. Re: syslog problems
                meadrocks Lurker

                [root@vmware6:~] esxcli network firewall ruleset list --ruleset-id=syslog
                Name    Enabled
                ------  -------
                syslog    false

                [root@vmware6:~] esxcli network firewall ruleset rule list --ruleset-id=syslog
                Ruleset  Direction  Protocol  Port Type  Port Begin  Port End
                -------  ---------  --------  ---------  ----------  --------
                syslog   Outbound   UDP       Dst               514       514
                syslog   Outbound   TCP       Dst               514       514
                syslog   Outbound   TCP       Dst              1514      1514

                [root@vmware6:~] esxcli network firewall ruleset allowedip list --ruleset-id=syslog
                Ruleset  Allowed IP Addresses
                -------  --------------------
                syslog   All

                 

                Do I need to open the firewall for syslog? How do I do that? I'm very new to vmware.

                • 5. Re: syslog problems
                  meadrocks Lurker

                  I did the following, seems to have fixed it.

                   

                  esxcli network firewall ruleset set --ruleset-id syslog --enabled true
                  esxcli network firewall ruleset allowedip list --ruleset-id syslog

                  • 6. Re: syslog problems
                    Marmotte94 Enthusiast
                    vExpert

                    Hi,

                    You must enable the firewall with this command line.

                    #  esxcli network firewall ruleset set --enabled true --ruleset-id=syslog

                     

                    Please mark as resolved.

                     

                    Thank you,
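
Added example, not posted by anyone in the thread: the failure here was a configured remote host with the outbound `syslog` firewall ruleset disabled, which raises no error and silently keeps logs from leaving the host. This sh script takes the text output of the three esxcli commands quoted above, reports that condition, and also checks that each loghost's protocol and port match an outbound rule. The function names and verdict strings are assumptions of the example, and it only handles loghost entries with an explicit port.

```shell
#!/bin/sh
# Added example: offline check for the failure mode in this thread.
# Arguments are the text outputs of the esxcli commands quoted above.

remote_host() {      # $1 = `esxcli system syslog config get` output
    printf '%s\n' "$1" | sed -n 's/^ *Remote Host: *//p' | sed 's/ *$//'
}

ruleset_enabled() {  # $1 = `... firewall ruleset list --ruleset-id=syslog` output
    printf '%s\n' "$1" |
        awk '$1 == "syslog" { on = ($2 == "true") } END { exit !on }'
}

rule_allows() {      # $1 = `... ruleset rule list` output, $2 = proto, $3 = port
    printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
        $1 == "syslog" && $2 == "Outbound" && tolower($3) == proto &&
        port + 0 >= $5 + 0 && port + 0 <= $6 + 0 { ok = 1 }
        END { exit !ok }'
}

# Prints one verdict; returns 0 only if every remote host is covered by
# an enabled ruleset with a matching outbound rule.
check_syslog() {     # $1 = config get, $2 = ruleset list, $3 = rule list
    hosts=$(remote_host "$1")
    [ -n "$hosts" ] || { echo "no-remote-host"; return 1; }
    ruleset_enabled "$2" || { echo "ruleset-disabled"; return 1; }
    old_ifs=$IFS; IFS=,          # loghost may hold a comma-separated list
    for entry in $hosts; do
        IFS=$old_ifs
        proto=${entry%%://*}; port=${entry##*:}
        case "$proto" in
            ssl) proto=tcp ;;    # ssl:// rides on TCP
            udp|tcp) ;;
            *) echo "unparsed:$entry"; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "unparsed:$entry"; return 1 ;;
        esac
        rule_allows "$3" "$proto" "$port" || { echo "port-blocked:$entry"; return 1; }
    done
    IFS=$old_ifs
    echo "ok"
}

# Constructed sample input, copied from the outputs posted in the thread.
CFG='   Remote Host: udp://syslog.z.com:514'
OFF='syslog    false'
RULES='syslog   Outbound   UDP       Dst               514       514'
check_syslog "$CFG" "$OFF" "$RULES" || true
```

On a host, pass the live outputs instead, for example `check_syslog "$(esxcli system syslog config get)" "$(esxcli network firewall ruleset list --ruleset-id=syslog)" "$(esxcli network firewall ruleset rule list --ruleset-id=syslog)"`.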