VMware vSphere

 View Only

  • 1.  Build / Need a syslog server

    Posted Jun 27, 2011 07:11 PM

    Is anyone using a syslog server to capture Standalone ESXi host logs? I have a cuople of standalone ESXi 4.x hosts and need to start collecting logs because one went haywire on me this weekend.

    So my question is, what products are you using for syslogging? A free one is best but not necessary.

    Admittedly I have never set one up so the easiest product, like one for "Dummies", would probably be ideal. :smileysilly:

    Thanks



  • 2.  RE: Build / Need a syslog server

    Posted Jun 27, 2011 07:14 PM

    Hello.

    I have used Kiwi in the past with some success.  Currently also using CentOS running syslog-ng and finding it much easier to manage.  vMA also comes with one.  It really comes down to how much (or how many hosts) you will be logging to it and how you want to manage the logs.  Kiwi is super easy, but the free version gives you a single log file to sort through.

    Good Luck!



  • 3.  RE: Build / Need a syslog server

    Posted Jun 27, 2011 07:19 PM

    Thanks, I saw Kiwi in a google search.

    Like a dummy, I forgot to mention we need it to be a Windows Server and preferably on a 2008 R2 build.

    Kiwi will be one of them I will test. I don't get their licensing though, 12 months? 24 months? I'll try them then call them if they are a viable solution for us.

    anyone else?



  • 4.  RE: Build / Need a syslog server

    Posted Jun 27, 2011 07:21 PM

    Does it have to be Windows?  You could use vMA, it works very well.



  • 5.  RE: Build / Need a syslog server

    Posted Jun 27, 2011 07:25 PM

    @Troy

    If it were just me managing it it could be a Linux build but since the team is comprised of all Windows admins, it has to be windows.

    What's vMA?



  • 6.  RE: Build / Need a syslog server

    Posted Jun 27, 2011 07:28 PM

    http://www.vmware.com/support/developer/vima/

    ...and a good how to. http://www.simonlong.co.uk/blog/2010/05/28/using-vma-as-your-esxi-syslog-server/

    vMA can be used for so much more than a syslog server, but it's free and it can syslog.



  • 7.  RE: Build / Need a syslog server

    Posted Jun 27, 2011 07:39 PM

    There are web interfaces available for syslog-ng and rsyslog. Splunk is available for Windows.



  • 8.  RE: Build / Need a syslog server

    Posted Jun 28, 2011 12:27 PM

    I have to second DSTAVERT's suggestion of Splunk, especially if you're a Windows shop. But there are a couple of caveats. The free license only allows 500MB of data indexing per day; an ESXi cluster with 6 hosts can regularly generate more than 500MB of syslog data per day. It's also not cheap on the low end, a license for 1 GB of data per day is $10,000 and 20% ($2000) per year in maintenance. But with those things in mind, it's absolutely unparalleled at what it does in my opinion.



  • 9.  RE: Build / Need a syslog server
    Best Answer

    Posted Jun 28, 2011 01:50 PM

    Kiwi is a great service, it came highly recomended and now is highly recomended