OK, the answer is "Yes it is".
I found time to have a tinker...
If you have nothing configured for syslog in the VSAM (vCenter Server Appliance Manager), then the syslog.conf file will be empty.
So first step create the initial configuration in VSAM, set a address for the target syslog server, port number (514) and protocol. I used 'UDP'.
Then syslog.conf will have something like this in it:
*.* @192.168.1.1:514;RSYSLOG_SyslogProtocol23Format |
Edit syslog.conf and change the '*.*' to a list of the levels required, e.g.:
*.error;*.crit;*.alert @192.168.1.1:514;RSYSLOG_SyslogProtocol23Format |
The rsyslog service will need restarting:
systemctl restart rsyslog |
If you want to test it you can do something like:
logger -p syslog.info "Info test - this won't appear at syslog server" logger -p syslog.warn "Warn test - this won't appear at syslog server" logger -p syslog.error "Error test - this will appear at syslog server" logger -p syslog.crit "Crit test - this will appear at syslog server" |
Warning: Do make any changes to syslog configuration via VSAM from this point on. It will remove the manually entered configuration.
It might be a good idea to keep a copy of the syslog.conf file just in case.