VMware NSX

  • 1.  ESXi host not able to log to the syslog server.

    Posted Oct 15, 2017 02:02 PM

    Folks,

    Our ESXi host is just not able to reach the syslog server after all the configuration was done. We have done the configuration based on this URL:

    Configuring syslog on ESXi (2003322) | VMware KB

    The command "nc -z a.b.c.d 514" works fine and the syslog server is being reached. However, the log messages do not go to the syslog server.

    Now, from the above link, the "Configuring Local and Remote logging using Host Profiles" section has not been done as it does not seem to be needed.

    Please let us know if anyone has any thoughts/comments on this.

    Thanks!!

    N.



  • 2.  RE: ESXi host not able to log to the syslog server.

    Posted Oct 15, 2017 02:19 PM

    And you made sure to enable the outgoing firewall rule in ESXi on UDP 514? If so, post a screenshot of your syslog.* advanced settings for review. Also state what version of ESXi you have (including build).



  • 3.  RE: ESXi host not able to log to the syslog server.

    Posted Oct 15, 2017 04:12 PM

    We are running VMware ESXi, 5.5.0, 2068190 version. Can you provide some pointers on where to check the outgoing port being enabled?

    I believe you mean security profile, right?

    I have attached all the screen shots which can show the syslog part.

    Thanks. :-)



  • 4.  RE: ESXi host not able to log to the syslog server.

    Posted Oct 15, 2017 04:17 PM

    I have another screen shot of the syslog daemon, could this be the issue?



  • 5.  RE: ESXi host not able to log to the syslog server.

    Posted Oct 15, 2017 04:41 PM

    Yes, check the security profile on the Outgoing Connections pane. There was also a known issue whereby logs would stop being sent by the daemon if a network interruption occurred. Follow the steps in this KB, especially esxcli system syslog reload. Your global log host is using TCP and not UDP, so are you sure your syslog server supports ingestion via TCP? Some do not, so something to check. Also, are you aware how incredibly outdated you are on patches, even for 5.5? You're more than three years outdated.



  • 6.  RE: ESXi host not able to log to the syslog server.
    Best Answer

    Posted Oct 16, 2017 02:00 AM

    Hi

    On that KB, there is additional information on the firewall; have you configured that part?

    Additional Information

    Configuring ESXi Firewall Exception using the esxcli command

    Note: You may need to manually open the Firewall rule set for syslog when redirecting logs. For UDP traffic, this firewall rule has no effect in ESXi 5.0 build 456551 and the UDP port 514 traffic flows regardless.

    To open outbound traffic through the ESXi Firewall on UDP port 514 and TCP ports 514 and 1514, run these commands:

    esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
    esxcli network firewall refresh

    2 things that you may want to double check (if you are going to check from UI):

    1. Syslog configuration

    2. Security Profile/Firewall

    If you have vRealize Log Insight, it can configure the syslog for you to forward to Log Insight.



  • 7.  RE: ESXi host not able to log to the syslog server.

    Posted Oct 16, 2017 03:23 AM

    Under the Security Profile I do not see Syslog server as you have mentioned in the earlier 2 screenshots. :-(

    Is this due to the ESXi version, which is 5.5?



  • 8.  RE: ESXi host not able to log to the syslog server.

    Posted Oct 16, 2017 01:11 PM

    Hi Neel,

       Try the steps below if you don't see any configuration issue on the ESX server.

       I suspect the issue is with your syslog server configuration.

        1. Is it possible for you to capture traffic on the syslog server using tcpdump -i <Interface_Name> ?

        2. May I ask which syslog server you are using? Is it a Linux-based syslog server? If yes, check the permissions at the folder level; try this command: chmod 777 /syslog_folder_path/
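
A way to settle the TCP-versus-UDP question raised in reply 5 and to see what actually reaches the collector, as reply 8 suggests: a small test receiver, added here as an example and not part of the thread or the VMware KB. It assumes the real syslog service is stopped so port 514 is free and that it is run as root; the function names are made up for this illustration.

```python
import selectors
import socket
import time

def open_listeners(host="0.0.0.0", port=514):
    """Bind one UDP and one TCP socket (port 514 needs root privileges)."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((host, port))
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    tcp.bind((host, port))
    tcp.listen(5)
    return udp, tcp

def collect(udp, tcp, seconds=10.0):
    """Return [(transport, sender_ip, message)] for everything seen in `seconds`."""
    sel = selectors.DefaultSelector()
    sel.register(udp, selectors.EVENT_READ, "udp")
    sel.register(tcp, selectors.EVENT_READ, "accept")
    seen = []
    deadline = time.monotonic() + seconds
    while (left := deadline - time.monotonic()) > 0:
        for key, _ in sel.select(timeout=left):
            if key.data == "udp":
                data, peer = udp.recvfrom(65535)
                seen.append(("udp", peer[0], data.decode(errors="replace").strip()))
            elif key.data == "accept":
                conn, peer = tcp.accept()
                # Tag the new connection with the sender's IP address.
                sel.register(conn, selectors.EVENT_READ, peer[0])
            else:
                data = key.fileobj.recv(65535)
                if not data:  # sender closed the TCP connection
                    sel.unregister(key.fileobj)
                    key.fileobj.close()
                    continue
                # Good enough for a connectivity test: one line per message.
                for line in data.decode(errors="replace").splitlines():
                    seen.append(("tcp", key.data, line))
    sel.close()
    return seen

if __name__ == "__main__":
    udp_sock, tcp_sock = open_listeners()
    for transport, sender, msg in collect(udp_sock, tcp_sock, seconds=30):
        print(f"{transport:3} {sender:15} {msg}")
```

Start it on the syslog server, then run esxcli system syslog reload on the host. Messages arriving only on one transport, or not at all, show whether the mismatch is in the host's log host setting, the firewall ruleset, or the collector.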