Log forwarding

Log forwarding

Hi,

We have configured ESXis log forwarding to SIEM and log forwarding purges logs from ESXis.

Problem is, SIEM is not being controlled by diffrent team and we have to follow a cumbersome process to get the logs for troubleshooting purpose.

Questions:

1. Is it posible to retain logs at ESXi level as well, along with forwarding enabled.

2. Can we configure second log collector in parallel to the existing one?

0 Kudos
Comments
bryanvaneeden
‎02-17-2021 12:18 PM
‎02-17-2021 12:18 PM

Hi @er_balrajsingh,

I think I got you covered here, below the answers to your questions:

1. You can, and you are already retaining logs at the ESXi level. You can increase the amount of logs, and rotations in the advanced settings in the ESXi host, from the vSphere Client.

2. You can definitely have more than 1 syslog server configured on the ESXi host, have a look at the following documentation: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.esxi.upgrade.doc/GUID-9F67DB52-F469-451F-B6... It's a comma seperated list in the advanced setting. We use it all the time.

I hope this helped!

scott28tt
‎02-17-2021 03:07 PM
‎02-17-2021 03:07 PM

@er_balrajsingh 

This should be posted in the ESXi Discussions area, not as an article in the ESXi Documents area.

er_balrajsingh
‎02-18-2021 04:13 AM
‎02-18-2021 04:13 AM

Thanks bryanvaneeden !

Version history
Revision #:
1 of 1
Last update:
‎02-17-2021 07:23 AM
Updated by:
Contributor
 
View Article History