VMware vSphere

  • 1.  Lockdown mode and logging

    Posted Aug 03, 2011 01:53 PM

    Hi,


    I use the vMA for all my logging on a number of ESX and ESXi hosts. Basically using the vilogger feature.


    I just noticed that if I enable lockdown mode on the ESXi hosts then logging is blocked.

    I understand why this is, because only the vpxa user can log in, but how are people capturing log files centrally now?



  • 2.  RE: Lockdown mode and logging

    Posted Aug 03, 2011 02:04 PM

    Looks like this is by design and can't be circumvented without disabling lockdown mode:

    http://www.virtuallyghetto.com/2011/02/esxi-lockdown-mode-does-not-play-nice.html



  • 3.  RE: Lockdown mode and logging

    Posted Aug 03, 2011 02:07 PM

    I understand that, but surely there must be another way of capturing these log files when lockdown mode is enabled.

    It seems mad.


    I know that vCenter 5 will include a logging appliance, which I guess is intended to help here, but in the meantime are people simply not using central logging if they decide to use lockdown mode?



  • 4.  RE: Lockdown mode and logging

    Posted Aug 03, 2011 02:10 PM

    One could only assume.  I know that most of the deployments I have seen that are using vilogger are not utilizing lockdown mode.



  • 5.  RE: Lockdown mode and logging

    Broadcom Employee
    Posted Aug 03, 2011 02:11 PM

    Yes, there is another way: you need to set up a syslog server and configure your ESXi host to forward the system logs to your syslog server.

    If you're using vi-logger today on vMA 4, get ready to retire it when vMA 5 is released. The vi-logger functionality will no longer be available and will be deprecated. I also wrote about alternatives, which are either setting up the new syslog collector in vSphere 5 or a syslog server on vMA 5 - http://www.virtuallyghetto.com/2011/07/free-linux-windows-syslog-alternatives.html



  • 6.  RE: Lockdown mode and logging

    Posted Aug 03, 2011 02:16 PM

    Thanks,

    So what you're saying is that a Windows syslog server can have the logs 'pushed' to it from ESXi even in lockdown mode?



  • 7.  RE: Lockdown mode and logging
    Best Answer

    Broadcom Employee
    Posted Aug 03, 2011 02:21 PM

    This is just standard syslog, it has nothing to do with lockdown mode .... syslog server can be on Windows or Linux, doesn't matter.

    The reason vi-logger does not work with lockdown mode is that it utilizes the vSphere API via the vi-admin service account on vMA. When lockdown mode is enabled, ALL accounts are disabled except for the vpxa (vCenter Agent) account used to manage the ESXi host. Syslog bypasses all this, which is why it is what is recommended for shipping your logs to a remote system.
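
The push model described in the answer above, as an added example (not code from the thread or from VMware): a minimal UDP syslog collector that only listens and never logs in to the hosts, which is why lockdown mode does not affect it. Because UDP forwarding fails silently, it also flags expected hosts that stop sending; the addresses, port and 15-minute threshold are assumptions.

```python
import re
import socket
import time

PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(datagram):
    """Split a syslog datagram into (facility, severity_name, message)."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None  # missing or out-of-range PRI header: not syslog
    pri = int(m.group(1))
    text = datagram[m.end():].decode("utf-8", "replace").rstrip()
    return pri >> 3, SEVERITIES[pri & 7], text

def record(last_seen, source_ip, datagram, now):
    """Note when a host last pushed a valid message; return the parsed message."""
    parsed = parse_pri(datagram)
    if parsed is not None:
        last_seen[source_ip] = now
    return parsed

def silent_hosts(last_seen, expected, now, max_gap=900):
    """Expected hosts that have pushed nothing within max_gap seconds."""
    return sorted(h for h in expected
                  if now - last_seen.get(h, float("-inf")) > max_gap)

def serve(bind_addr="0.0.0.0", port=514, expected=(), check_every=60):
    """Collector loop: hosts push to this socket; nothing connects back to them."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))  # port 514 normally needs elevated privileges
    sock.settimeout(check_every)
    last_seen, next_check = {}, time.time() + check_every
    while True:
        try:
            data, (ip, _) = sock.recvfrom(8192)
            parsed = record(last_seen, ip, data, time.time())
            if parsed:
                print(ip, *parsed)
        except socket.timeout:
            pass
        if time.time() >= next_check:
            for host in silent_hosts(last_seen, expected, time.time()):
                print("WARNING: no syslog received from", host)
            next_check = time.time() + check_every

if __name__ == "__main__":
    serve(expected=["192.0.2.11", "192.0.2.12"])  # constructed example addresses
```
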



  • 8.  RE: Lockdown mode and logging

    Posted Aug 03, 2011 02:28 PM

    Excellent thanks.


    I shall stop using vilogger and replace this with some form of syslog server then.


    Is Splunk any good and will this work OK?



  • 9.  RE: Lockdown mode and logging

    Posted Aug 03, 2011 02:39 PM

    Splunk is OK.  I know of quite a few people that use it and have no regrets.  I personally like using just a typical syslog server but if you want the analytics and other capabilities of reporting ease then sure.