VMware vSphere

I am new to ESXi and am having trouble with syslog. I created a directory called logfiles and went to advanced settings in the vi client, and set the local datastore path to

logfiles/myesxiserver.log (with brackets around the datastore name)

and set the remote hostname to my syslog server (same syslog server that my ESX hosts point to).

The file is not getting created on the local datastore and I don't see any messages getting sent to the syslog server. I have tried rebooting but had no luck. Is there anything that needs to be set to get syslog to start sending the syslog events to these locations?

Thanks

Hi,

maybe you have something wrong with your configuration

Look at this paper.

http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf

It begins at site 67. There is a description how to use syslog.

Frank

If you find this information useful, please award points for "correct" or "helpful".

Those are the instructions I followed to set it up. It is just not working. The file is not even being created on the datastore.

I went into the server in techsupport mode to look at the syslog.conf file and I see that it is set to the datastore/file and syslog server that I set. I tried using logger to send test messages but I am still not seeing the file created or messages sent to the syslog server.

Hi,

OK, maybe this work better for you

Install the vMA.

Configruation for the ESXi to send syslog traffic

1. Use SSH to connect to vMA

2. Type vifpinit <ESX_host_name> ro reset vi-fastpass. Example:

3. vifpinit myvMA.vmware.com

4. Type vicfg-syslog -s <IP_address_of_vMA> to configure syslog on the ESXi host.

5. Example:

6. vicfg-syslog -s 10.18.137.187

Configure vMA as a syslog receiver

1. Use SSH to connect to vMA.

2. Type "sudo service syslog stop" to shut down syslog on vMA

3. Type "sudo nano /etc/sysconfig/syslo" to edit the syslog conifguration file.

4. Locate the line with the text SYSLOGD_OPTIONS="-m 0"

5. Replace it with SYSLOGD_OPTIONS="-r -m 0". It is the -r that turnsthis into a receiver.

6. Type "sudo service syslog start" to start the syslog daemon.

7. Type sudo tail /var/log/messages to confirm that syslog has restarted and is now able to receive messages. Look for the syslogd restart reception" message at the end of the log file.

8. Type "sudo iptables -I INPUT -i eth0 -p udp --dport 514 -j ACCEPT" to open the firewall on vMA to receive syslog traffic.

9. Type "sudo nano /etc/rc.local to edit the rc.local file in the nano text editor.

10. Type the iptables -IINPUT -i eth0 -p udp --dport 514 -j ACCEPT" inito the file after the line touch /var/lock/subsys/local.

Press Ctrl+X to exit the nanao editor.

Save your changes to the file.

Test your syslog receiver.

1. Use SSH to connect to the ESXi Host.

2. Go into the unsupportet mode.

3. Type logger This is a test from my esx host.

4. Use SSH to connect to vMA

5. Type "sudo tail /var/log/messages.

6. You should be able to the the test message.

Or by a KIWI Syslog Server:

http://www.kiwisyslog.com/kiwi-cattools-overview/

And configure your ESXi Host to send logs to that server.

Frank

If you find this information useful, please award points for "correct" or "helpful".

Addtional question to your answer: If you use a KIWI syslog server, can the syslogserver be virtual?

In other words, can ESX(i) log to a VM running a syslog server that is running on the same ESX(i) host? (if so, how does ESXi handle the fact that the syslogserver is not running when ESX(i) is booting?)

Don't want to hijack the thread but I think the question/answer might provide addtional value to this topic.

TIA

Hi,

our syslog Server is Virtual. Until now, we do not have any problems with that. If the Host become a power outage or something like that, than you do not have any logging. Thats the drawback. But you have vMotion and HA. If your physical Syslog Server goes down, you do not have any logging as well. You do not have any problems when booting. Because normaly, the vm is taken on a other host with vMotion.

Frank

If you find this information useful, please award points for "correct" or "helpful".

I'm running only 1 esxi server that is why I was asking.. :smileywink:

Thanks for your swift answer Frank..!