VMware vSphere

  • 1.  ESX Syslog Server? What is the best?

    Posted Feb 12, 2009 07:53 PM

    What does everyone use out there? I am looking for a syslog server that we can use to search, alert and bomb logs from. Any ideas?



  • 2.  RE: ESX Syslog Server? What is the best?

    Broadcom Employee
    Posted Feb 12, 2009 08:07 PM

    Might want to look into VIMA:

    http://www.yellow-bricks.com/2008/11/25/vmotioning-your-service-console/

    http://www.vmware.com/support/developer/vima/

    Duncan

    Blogging: http://www.yellow-bricks.com

    If you find this information useful, please award points for "correct" or "helpful".



  • 3.  RE: ESX Syslog Server? What is the best?

    Posted Feb 12, 2009 08:44 PM

    Very interesting. Not sure how I missed this one. :)



  • 4.  RE: ESX Syslog Server? What is the best?

    Posted Feb 13, 2009 12:32 PM

    Take a look at http://www.kiwisyslog.com/ and http://www.splunk.com/

    Both have "free" versions, but also have paid supported versions as well. They offer nice search capabilities along with syslog server for the enterprise.

    Dave

    ************************

    Accomplishing the impossible means only that the boss will add it to your regular duties.

    Doug Larson



  • 5.  RE: ESX Syslog Server? What is the best?

    Posted Feb 14, 2009 03:01 AM

    I am not exactly sure what VIMA does when I set it up to pull logs from a host. Can I grep them somewhere? Where do they go?

    I will try out the other tools you mentioned!



  • 6.  RE: ESX Syslog Server? What is the best?

    Posted Feb 14, 2009 12:30 PM

    Another one is the Syslog virtual appliance -> http://www.vmware.com/appliances/directory/53592

    I never got around to looking at this one, but it may be what you are looking for.

    I haven't completely figured out VIMA myself, but it actively collects logs. A syslog server will receive logs sent to it from anything. You will need to set up the syslog settings on each of the ESX/ESXi servers.

    Dave




  • 7.  RE: ESX Syslog Server? What is the best?

    Posted Feb 14, 2009 08:07 PM

    The best and most configurable syslog server is syslog-ng, hands down. You can configure it to do basically anything that you could possibly need. For advanced alerting and searching I would recommend Splunk. I have a syslog-ng server right now that does about 100 GB of data a day, so it should be able to handle any volume you can throw at it. The only downside of Splunk is that it is rather pricey if you need a ton of volume, but there is a free version.

    syslog-ng: http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/

    splunk: http://www.splunk.com/



  • 8.  RE: ESX Syslog Server? What is the best?

    Posted Mar 12, 2009 09:27 PM

    Your best bet is using Splunk. It's an amazing product, and free (if you index less than 500MB/day).

    Here's how to get ESX data via syslog:

    They also have a Splunk for VMware app that gets all of your VirtualCenter logs, virtual machine metrics and configurations. You can then search, alert and even report against the data really easily.

    Download it here: www.splunk.com



  • 9.  RE: ESX Syslog Server? What is the best?

    Posted Nov 07, 2011 11:13 AM

    Yeah, Splunk rocks!!!

    Cheers guys 



  • 10.  RE: ESX Syslog Server? What is the best?

    Posted Jan 23, 2012 11:17 AM

    Graylog 2 is good open source. I've tried it; it serves the purpose.