Dec
17
2008

HowTo – VMware ESX 3.5 and remote syslog configuration

  • SSH over to the ESX server required.  You’ll need sudo or root access to complete the following.
  • To view the file:  cat /etc/syslog.conf
  • To modify the file:  vi /etc/syslog.conf (google for vi help if required, i = insert.  esc = exit insert mode)
  • Move to the bottom of the file and add the line in the next step if you want ALL the logs to be sent over to your syslog server.
  • #syslog server setup
    *.*    @syslogsrv.mydomain
  • The first line in the above line is commented out by the # sign, the second line tells all the log files to be sent to “syslogsrv.mydomain”.  Use an ip address for the syslog server if you want this to work when your DNS server goes down.
  • service syslog restart (restarts the syslog service)
  • esxcfg-firewall -o 514,udp,out,syslog (opens the local firewall to allow remote syslogging)
  • esxcfg-firewall -l (reloads the new firewall configuration)
Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • Google
  • E-mail this story to a friend!
  • LinkedIn
  • Live
  • StumbleUpon
  • Technorati
  • TwitThis
  • Yahoo! Buzz
Written by Tom Tags: , , , , , , , , ,

7 Comments »

  • NiTRo

    Thanks for the tips.

    It’s really strange from vmware to let do the syslog sonfig from a VI client for ESXi but not for regular ESX…

    Comment | January 8, 2009
  • NiTRo

    i just update one of my ESX today and no more syslog. the /etc/syslog.conf was reset to initial state :( too bad

    Comment | February 4, 2009
  • Tom

    @nitro Sorry to hear you lost your config! After completing configuration on my ESX servers I like to backup a few files to a remote server so I can share the configs with other ESX servers easily. Files like:

    /etc/ssh/sshd_config
    /etc/ntp.conf
    /etc/hosts
    /etc/hosts.allow
    /etc/hosts.deny
    /etc/snmp.conf
    /etc/syslog.conf

    That’s a good start.

    Comment | February 4, 2009
  • NiTRo

    Hi, thanks for sharing the infos about config files, anyway i was very surprised since it could be files that vmware choice to keep when updating packages. Since only ESXi could be managed by the Set-VMHostSysLogServer powershell command, i guess i’m going to do the hadwork again on my hosts :(

    for the avatr, i registered my blog on http://dashboard.wordpress.com :)

    Comment | February 4, 2009
  • Hypervisor.fr » Blog Archive » Rediriger les logs d’ESX/ESXi vers un serveur syslog

    [...] Ackerson de mainesysadmin.com à posté sur son blog un article pour configurer le syslog d’ESX et permettre de regrouper les logs de tous vos ESX vers un serveur [...]

    Pingback | February 8, 2009
  • Simon

    Hi Tom -

    Thanks for the tips. I used your directions to help people who want to not only capture this data but actually use it in a Splunk wiki entry: http://www.splunk.com/base/Community:VMwareESXSyslog

    Not sure if you’ve used Splunk, but I know it can make your life a whole lot easier. Download our free product here: http://www.splunk.com

    Comment | March 12, 2009
  • Tom

    Hi Simon,

    I’m currently using Orion for syslogging duties since it is already in house. I have used the free version of Splunk to look for stuff in IIS logs. It was really easy to setup and use.

    -tom

    Comment | March 12, 2009

RSS feed for comments on this post. TrackBack URL

Leave a comment

Powered by WordPress | Aeros Theme | TheBuckmaker.com WordPress Themes