VMware vSphere

 View Only

  • 1.  vSphere Syslog Collector

    Posted Apr 24, 2012 01:12 AM

    I have just started using the vSphere 5 Syslog Collector and I have pointed all my ESX hosts at it.  After about a day, I applied some Windows patches to the server running the syslog collector and rebooted it.  After that the ESX hosts stopped logging to it.

    I created a powercli script to reload the syslog daemon on all the ESX hosts, and most of them started to log to the syslog collector again.  There are still some that aren't logging to it.

    Does anyone use the vSphere Syslog Collector and know of any issues with it.  Or if there's something that needs to be done on it or the ESX hosts to ensure they continue to send log information to the syslog collector.

    All my hosts are running vSphere 5.0, but the Syslog Collector is vSphere 5 Update 1

    Any help / thoughts would be greatly appreciated.



  • 2.  RE: vSphere Syslog Collector

    Posted Apr 24, 2012 01:32 AM

    Yep if the ESXi hosts are not able to reach the configured syslog server they may stop sending syslog messages to the remote server and you will need to reload the syslog on the ESXi host.

    It should resume after reloading it.

    Here is a KB about it: http://kb.vmware.com/kb/2003127

    Also, have you tried to send a test syslog message using logger from TSM to verify for sure that it is not working?

    Hope this helps.

    Hersey

    Message was edited by: herseyc



  • 3.  RE: vSphere Syslog Collector

    Posted Sep 13, 2012 05:06 PM

    Did you ever come to a verdict on this? I would like to know the same. If you reboot the syslog server, do you need to repoint all of your hosts at it again? Or did you have a continuous network issue and that is why logs were not being sent?

    It would be an annoyance if after each reboot of the syslog server you had to resync all vSphere hosts.

    Thanks in advance!



  • 4.  RE: vSphere Syslog Collector

    Posted May 08, 2013 07:57 PM

    Hate to necro, but this is still an issue and no it doesn't resume sending the logs after a brief network burp.

    I opened up an other forum post asking what others are doing.

    VMware ESXi 5 host stops sending syslogs to remote server (Splunk)



  • 5.  RE: vSphere Syslog Collector

    Broadcom Employee
    Posted May 08, 2013 08:13 PM

    Here's a good blog that shows how to use a vCenter alarm to alert you when you lose connectivity to the syslog host.

    virtuallyGhetto: Detecting ESXi Remote Syslog Connection Error Using a vCenter Alarm

    Regards,

    -Kyle



  • 6.  RE: vSphere Syslog Collector

    Posted May 08, 2013 08:37 PM

    Thanks, that lets me see the "dead ducks" nicely.

    Do you know of  away to add an "Actions" so that I can have it start it up on that host when this is triggered?

    Following that URL and another Link http://www.viktorious.nl/2012/05/10/esxi-5-syslogger-stops-logging-collective-restart-using-powercli/ there, I see that this PowerCLI will work.   Any way to get that into the trigger?

    foreach ($esxhost in (Get-Cluster -Name $cluster | Get-VMHost )){

        Write-Host "ESX: $esxhost"

        $esxcli = Get-EsxCli -VMhost $esxhost

             $esxcli.system.syslog.reload()

    }

    I have VMware vSphere PowerCLI installed on my "Windows" vCenter box.  Or if it can be done within the alarm itself.

    --thanks a lot.



  • 7.  RE: vSphere Syslog Collector

    Posted May 09, 2013 06:48 PM

    Figured it out, bit embarrassed too.

    I was using TCP, if I change to UDP, the patch that was supposed to fix this (5.0 patch 3) actually fixes UDP and not TCP... just UDP.

    So I changed to UDP and it auto restarts after I test restarting my syslog server (splunk).