Forward virtual machine vmware.log to a syslog server

Forward virtual machine vmware.log to a syslog server

Synopsis:

    Forward a virtual machine's vmware.log file to a syslog server

Prerequisites:

  • vSphere 5.1 or higher
  • ESXi hosts configured to forward logs to syslog server

The function creates two advanced vm settings, 'vmx.log.destination' and 'vmx.log.syslogID'. The first setting sends the log to the vm's datastore and the syslog server. The second adds the virtual machine's name to the log. Without the second setting the virtual is only identified by its PID. If the virtual machine name has changed since the last time the function has run the name will be updated to the new name.

This function can be run on powered on machines but logs will not be forwarded until the vmx file is reloaded. To reload a vmx file either power off and power on the virtual machine or perform a vMotion. Added .Reload() method to modified virtual machines. Now changes will be reflected immediately.

Inspired from A Hidden vSphere 5.1 Gem – Forwarding Virtual Machine Logs (vmware.log) to Syslog Part 1 | virtually...

function Set-VMSyslog


    {


    <#


  .SYNOPSIS


    Add VM advanced settings to foward vmware.log to syslog server


  .EXAMPLE


    Get-VM -Name "VM Name" | Set-VMSyslog


  .EXAMPLE


    $VM = Get-VM -Name "VM Name"


    Set-VMSyslog -VM $VM


    #>


    Param (


        [Parameter (


                    Mandatory=$true,


                    ValueFromPipeline=$true


                    )


        ][VMware.VimAutomation.ViCore.Impl.V1.Inventory.VirtualMachineImpl]$VM


        )


        Begin


            {}


        Process


            {


            $SyslogName = $VM.name


            $VMLogDestSetting = $VM | Get-AdvancedSetting -Name 'vmx.log.destination'


            $VMLogIDSetting = $VM | Get-AdvancedSetting -Name 'vmx.log.syslogID'


            $Edit = $false




            #Set log destination if needed


            if ([bool]!$VMLogDestSetting)


                {


                $VM | New-AdvancedSetting -Name 'vmx.log.destination' -Value 'syslog-and-disk' -Confirm:$false | Out-Null


                $Edit = $true


                }


          


            #Set syslog id if needed


            if ([bool]!$VMLogIDSetting)


                {


                $VM | New-AdvancedSetting -Name 'vmx.log.syslogID' -Value $SyslogName -Confirm:$false | Out-Null


                $Edit = $true


                }


            #Update syslog id if name has changed


            elseif ($VMLogIDSetting.Value -ne $SyslogName)


                {


                $VMLogIDSetting | Set-AdvancedSetting -Value $SyslogName -Confirm:$false | Out-Null


                $Edit = $true


                }


          


            #Reload VM object if edit is made


            if ($Edit)


                {


                $VM.ExtensionData.reload()


                }


            }


        End


            {}


    }
Tags (1)
Attachments
Set-VMSyslog.ps1.zip
1_Set-VMSyslog.ps1.zip
0 Kudos
Comments
VMsysPete
‎08-26-2016 07:57 AM
‎08-26-2016 07:57 AM

has this been broken in 6.0?  I've configured this and have two remote syslog servers, one is loginsight and the other is splunk.  neither seem to be getting the data from the vmware.log file for a VM.

Tocano
‎02-02-2017 08:14 AM
‎02-02-2017 08:14 AM

While the vmx.log.destination still seems to work, it seems that the vmx.log.syslogID does not in 6.0.

I have no idea why, but setting the vmx.log.destination allows me to redirect the VM logs into syslog (and thus into things like LogInsight), but the value of that is limited if I cannot place a unique label on the entries. Otherwise it's virtually impossible to track long-term data as every time the VM migrates or powers off/on, it gets a new PID.

Version history
Revision #:
1 of 1
Last update:
‎09-28-2015 08:22 AM
Updated by:
Contributor
 
View Article History