VMware vSphere

 View Only
  • 1.  Sending Selected syslogs to Remote Log Server

    Posted Jan 26, 2020 05:42 AM

    I have ESXi Version 6.0 integrated with vCenter. I have successfully completed configuration for sending logs to remote Syslog Server. Logs are being received on remote log servers from all ESXi hosts but only "Early Init log Z <esxi-hostname> hostd-prob".

    I want to send user activity logs on ESXi, Such as user log-ins etc to remote syslog server.

    Please let me know where and what to add so that I may receive all logs or selected-logs on my remote-syslog servers.

    Thank you,



  • 2.  RE: Sending Selected syslogs to Remote Log Server

    Posted Jan 26, 2020 08:24 AM

    Hi,

    When you config Remote Syslog for your ESXi hosts, all logs will be sent to your Syslog server by default. you can check your logger list on ESXi hosts by using this command:

    "esxcli system syslog config logger list"

    Could you please tell me what is your syslog server?



  • 3.  RE: Sending Selected syslogs to Remote Log Server

    Posted Jan 28, 2020 08:53 AM

    Thank You for response,

    I have verified all configurations, now ESXi is sending logs to the Syslog Server, but I want to send only the selected log no all logs to the syslog server. Additionaly, SSH sessions open/close are not being sent to the syslog server.

    Below logs are from /var/log/auth.log

    2020-01-28T08:43:27Z sshd[5152344]: Session opened for 'root' on /dev/char/pty/t3

    2020-01-28T08:44:06Z sshd[5148135]: Session closed for 'root' on /dev/char/pty/t3

    But these logs does'nt appear in /var/log/syslog.log

    Any help please?



  • 4.  RE: Sending Selected syslogs to Remote Log Server

    Posted Feb 01, 2020 04:11 PM

    If I understand your problem well, you want to exclude some logs from your ESXi hosts. Log filtering ability was introduced in vSphere ESXi 6.0 and you can filter or exclude logging expressions from the system logs.

    you should add this tag "enable_logfilters = true" to this file "/etc/vmsyslog.conf", and then edit the file named "logfilters" from /etc/vmware/ to add the log expression to exclude using this format:

    numLogs | ident | logRegexp

    You can find more information from this article VMware Knowledge Base

    I hope this could help you



  • 5.  RE: Sending Selected syslogs to Remote Log Server

    Posted Feb 07, 2023 10:11 AM

    Did you find the solution for this?



  • 6.  RE: Sending Selected syslogs to Remote Log Server

    Posted Jan 27, 2020 04:51 AM

    Are you ensure that all the syslog configuration are correct? Please check it again : Configure Syslog on ESXi Hosts

    And then also give more information about your log collector server?