vSphere Syslog Collector 5.5 – Install and Configure

Syslog Collector

Syslog is a way for network devices to send event messages to a logging server – usually known as a Syslog server. The Syslog protocol is supported by a wide range of devices and can be used to log different types of events. An ESXi host will by defaults save its log files locally. This is particularly important for hosts deployed without a persistent scratch Partition, Such as a Stateless host provisioned by Auto Deploy. Syslog Collector also addresses the issue of an Auto Deployed host not having a local disk.  With no local disk the log files are stored on a Ramdisk, which means each time the server boots the logs are lost.   Not having persistent logs can complicate troubleshooting.  Use the syslog collector to capture the ESXi host’s log on a network server.

Syslog Collector on VCSA

A Syslog Collector is bundled with the the vCenter Server Appliance (VCSA) and requires no extra setup. By default logs are saved in /var/log/remote/<HostName>. Just configure the hosts to send their logs to the Syslog collector.

Syslog Collector on a Windows Server

Syslog Collector can be installed on vCenter Server or on a standalone Windows Server.

1. From VMware vCenter Installer media choose vSphere Syslog Collector and Click Install to start the installation process.

SLS12. Select the appropriate language for the Syslog Collector and Click OK.

SLS23. Installer will prepare setup process to guide and install Syslog Collector.

SLS34. On the Welcome screen Click Next to continue.

SLS45. Select Radio button to accept End User License Agreement and Click Next.

SLS56. Select where to install the application and where to stored the logs and also Size of the log file before Rotation and Number of Logs to keep on the Syslog Collector Server. Unless you have specific requirements select default settings and Click Next.

SLS67. Setup Type screen allows to register the Syslog Collector instance with vCenter Server instance. Select VMware vCenter Server Installation and Click Next.

SLS78. On VMware vCenter Server Information screen provide the vCenter Server Name, Port, and Appropriate account credentials to Register Syslog Collector to vCenter Server and Click Next.

SLS8.19. Accept the default ports settings and Click Next.

SLS810. The Next screen allows to choose how the Syslog Collector will be identified on the networks and by the ESXi hosts. It Will detect host name on which we are installing Syslog collector choose default name and Click Next.

SLS911. On Ready to Install screen click Install to begin the installation.

SLS1012. On Installation Completed screen click Finish to complete the Installation.

SLS1613. Once Installation completed connect to vCenter Server –> Home –> Administration –> VMware Syslog Collector–> Double Click to open Syslog Collector.

SLS12

SLS13===========================================================

Configuring ESXi Hosts to Redirect to a Syslog Collector

There are several ways to Configure ESXi hosts to redirect logs to a Syslog Collector.

  • Advanced Configuration Options on the ESXi host
  • Via Host’s command Line
  • Host Profile

Configuring ESXi Hosts using the Advanced Configuration Options

1. Connect to vCenter Server using vSphere Client or Web Client –> Home –> Select Host and Clusters.

2. Select the ESXi Host –> Configuration –> Under Software Advanced Settings.

SLS143. Under Advanced Settings –> Syslog –> Global –> Syslog.global.loghost enter Syslog Collector host name and Click OK to complete the configuration.

SLS15===============================================================

Configuring ESXi Hosts using Host’s Command Line

1. Connect ESXi host using putty.

SLS172. Enter the Root credentials to log into to host.

SLS183. Review the existing Syslog Collector Configuration using below command –                                 esxcli system syslog config get

SLS194. If you do not remember the configuration parameters/options use below commands to get the help – esxcli system syslog config set –help

SLS205. To configure the remote log host server and enable syslog collector server on host use this command –

esxcli system syslog set –loghost=vum.dca.com –logdir-unique=true                    

esxcli system syslog reload

SLS216. Verify configuration using below command – esxcli system syslog config get

SLS22=============================================================

Configuring ESXi Hosts using Host Profile.

1. Edit the Host profile with below settings.

Advanced Configuration Option –> syslog.global.loghost –> Enter the syslog Collector host name and click OK. Apply this Host Profile on other hosts and compliant.

SLS23

Done. We are all set now 🙂

 

Cheers..Roshan Jha

Leave a Reply

Your email address will not be published. Required fields are marked *

*