VMware vSphere

 View Only
  • 1.  VCSA Syslog Reporting Levels

    Posted May 16, 2018 01:17 PM

    From https://docs.vmware.com/en/VMware-vSphere/6.5/vsphere-esxi-vcenter-server-65-appliance-configuration-guide.pdf we get the following, concerning the syslog level that is sent by VCSA to an external Syslog server.

    With the current "*" setting, we are getting far more messages than we want, and we would only really like VCSA to send Syslog messages at level "error" and above. My reading of the configuration guide suggests that setting the level to "error" won't do this. It will quite literally only allow Syslog messages at error level to be sent. This seems wrong to me, so I firstly wanted to confirm what actually happens. Will VCSA send only error syslog messages, or will it send "crit", "alert" and "emerg" ones too?

    3 From the Common Log Level drop-down menu select the log files to redirect.

    OptionDescription
    *All log files are redirected to the remote machine.
    infoOnly informational log files are redirected to the remote machine.
    noticeOnly notices are redirected to the remote machine. Notice indicates normal but significant condition.
    warnOnly warnings are redirected to the remote machine.
    errorOnly error messages are redirected to the remote machine.
    critOnly critical log files are redirected to the remote machine.
    alertOnly alerts are redirected to the remote machine. Alert indicates that action must be taken immediately.
    emergOnly emergency log files are redirected to the remote machine. Emergency indicates that the system stopped responding and cannot be used.

    If my interpretation is correct, is there a way to get VCSA to send the multiple levels required I.e. to send all "error", "crit", "alert" and "emerg" syslog messages?



  • 2.  RE: VCSA Syslog Reporting Levels

    Posted May 18, 2018 09:50 AM

    Is it possible to fine tune the behaviour of Syslog on VCSA 6.5 by adding a configuration to "/etc/vmware-syslog/syslog.conf"?

    At the moment this appears to be completely empty? Is the file perhaps ignored anyway?



  • 3.  RE: VCSA Syslog Reporting Levels
    Best Answer

    Posted Jun 06, 2018 04:06 PM

    OK, the answer is "Yes it is".

    I found time to have a tinker...

    If you have nothing configured for syslog in the VSAM (vCenter Server Appliance Manager), then the syslog.conf file will be empty.

    So first step create the initial configuration in VSAM, set a address for the target syslog server, port number (514) and protocol. I used 'UDP'.

    Then syslog.conf will have something like this in it:

    *.* @192.168.1.1:514;RSYSLOG_SyslogProtocol23Format

    Edit syslog.conf and change the '*.*' to a list of the levels required, e.g.:

    *.error;*.crit;*.alert @192.168.1.1:514;RSYSLOG_SyslogProtocol23Format

    The rsyslog service will need restarting:

    systemctl restart rsyslog

    If you want to test it you can do something like:

    logger -p syslog.info "Info test - this won't appear at syslog server"

    logger -p syslog.warn "Warn test - this won't appear at syslog server"

    logger -p syslog.error "Error test - this will appear at syslog server"

    logger -p syslog.crit "Crit test - this will appear at syslog server"

    Warning: Do make any changes to syslog configuration via VSAM from this point on. It will remove the manually entered configuration.

    It might be a good idea to keep a copy of the syslog.conf file just in case.



  • 4.  RE: VCSA Syslog Reporting Levels

    Posted Jun 11, 2018 10:29 AM

    Does the level of control over syslog improve (or even change at all) in VCSA v6.7?



  • 5.  RE: VCSA Syslog Reporting Levels

    Posted Jul 13, 2022 09:35 PM

    No it does not. It's the same. It appears the devs moved it out of the UI on purpose. Why, I don't know.



  • 6.  RE: VCSA Syslog Reporting Levels

    Posted Aug 08, 2018 02:10 AM

    How does one provide feedback (in for format of improved documentation) to VMware? I spent hours chasing my tail about the keyword "only" being misused, as in your pdf and this online doc: Redirect vCenter Server Appliance Log Files to Another Machine



  • 7.  RE: VCSA Syslog Reporting Levels

    Posted Aug 26, 2018 10:07 PM

    I don't know the answer to your question. I wound I'd suggest opening a topic of your own though as people might not notice your query appended to the end of my topic.

    I am at VMWorld 2018 in Las Vegas right now, so might be able to get an answer here. I think the response though is likely to be similar to the answer I got about a detail I wanted confirmed, which was to raise a support request.