jonathanp
Expert

VMware - Log / Syslog way to keep logs for a defined time period - Need serious input.

Hi,

This has kind of surprised me for a long time now: VMware did not add an option to save logs for a number of days, instead of having just the option to set the log file size and the number of rotations to keep.

I know that would need some coding etc., but it would make life a lot easier for those who are looking for that kind of solution.

Currently, we are using an unsupported custom script that we added to each host to meet this requirement, but it is having all kinds of issues, like syslog stopping collecting, etc.

So, I want to use something more reliable to achieve that.

We have a budget just to get that working...

What we want:

1- We need to keep logs for 1 year.

2- We need to be able to retrieve, if possible, logs for a single day / single host in a simple way.

Maybe there is a way to achieve that with the products below, which I am currently testing, without having to use custom scripts etc.

1- VMware Syslog Collector

2- vRealize Log Insight 2.5, which seems pretty nice

Does anybody have a simple / not so simple but reliable way to achieve that?

I cannot really believe that I am the only one looking for this kind of solution that would not require many 3rd-party products, custom scripts, etc.

Thanks for your help.

Jon.

0 Kudos
1 Reply
JarryG
Expert

"...this kind of surprise me for long time now, that VMware did not add an option to save logs for a number of days instead of having just the option to size the log file and rotation number to keep..."

It's probably because filtering/processing/checking/archiving of log files is a task for a centralised log server. It is not a job for ESXi. And I agree with VMware's philosophy to keep ESXi small, effective, with a minimum disk/memory footprint, and with only absolutely necessary services running. All non-critical (from a virtualization point of view) services should be off-loaded to somewhere else (maybe a dedicated VM)...

The company I work for is using a few primary/backup log collectors (physical servers in the past, but now fully virtualized) for all our workstations and servers, with a database back-end and a custom-written web front-end, but this might be overkill for you. Depending on your application, one simple VM with a network logger of your choice might be enough. Just a few settings for log rotation, some filtering (i.e. using hostnames/severity/facility/process), some basic tools for archiving (tar/gz) and parsing (find, grep, etc.) should do all you need in just a matter of seconds. Once you set up the config file, no scripting/coding is necessary...

_____________________________________________

If you found my answer useful, please do *not* mark it as "correct" or "helpful". It is hard to pretend to be a noob with all those points! 😉
0 Kudos
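
As an added example (not part of either post and not VMware tooling), here is one way the "basic tools" approach on a collector VM could cover the two stated requirements: one-year retention and retrieval of a single host's logs for a single day. It assumes the collector writes one file per host per day under a hypothetical `/var/log/remote/<host>/<YYYY-MM-DD>.log`, that GNU `date` is available, and a 7-day compression threshold chosen only for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout on the collector VM:
#   $LOG_ROOT/<host>/<YYYY-MM-DD>.log   (one file per host per day)
LOG_ROOT="${LOG_ROOT:-/var/log/remote}"   # hypothetical path

# Host names arrive from the network: accept a single safe path component only.
valid_host() { case "$1" in ''|.*|*[!A-Za-z0-9._-]*) return 1 ;; esac; }
valid_day() {
  case "$1" in [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;; esac
  return 1
}

# fetch_day HOST DAY: print one host's log for one day, compressed or not.
fetch_day() {
  valid_host "$1" && valid_day "$2" || { echo "bad host or day" >&2; return 2; }
  f="$LOG_ROOT/$1/$2.log"
  if [ -f "$f" ]; then cat "$f"
  elif [ -f "$f.gz" ]; then gzip -dc "$f.gz"
  else echo "no log for $1 on $2" >&2; return 1
  fi
}

# list_older CUTOFF: files whose day, read from the file name rather than the
# mtime (which changes on copy or restore), is earlier than CUTOFF.
list_older() {
  valid_day "$1" || return 2
  cut_n=$(printf '%s' "$1" | tr -d '-')
  find "$LOG_ROOT" -type f \( -name '*.log' -o -name '*.log.gz' \) |
  while IFS= read -r p; do
    d=$(basename "$p"); d=${d%%.log*}
    valid_day "$d" || continue
    if [ "$(printf '%s' "$d" | tr -d '-')" -lt "$cut_n" ]; then printf '%s\n' "$p"; fi
  done
}

compress_before() { list_older "$1" | grep '\.log$' | while IFS= read -r p; do gzip -f "$p"; done; }
prune_before()    { list_older "$1" | while IFS= read -r p; do rm -f -- "$p"; done; }
days_ago()        { date -d "$1 days ago" +%F; }   # GNU date assumed

# Usage: SCRIPT fetch HOST DAY   |   SCRIPT rotate   (run daily, e.g. from cron)
case "${1:-}" in
  fetch)  fetch_day "$2" "$3" ;;
  rotate) compress_before "$(days_ago 7)"; prune_before "$(days_ago 365)" ;;  # 7 is illustrative
esac
```

Because the retention decision is taken from the date in the file name, restoring or copying the archive does not reset the one-year clock the way an mtime-based `find` would.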