Syslog is a way for network devices to send event messages to a logging server – usually known as a Syslog server. The Syslog protocol is supported by a wide range of devices and can be used to log different types of events. An ESXi host will by defaults save its log files locally. This is particularly important for hosts deployed without a persistent scratch Partition, Such as a Stateless host provisioned by Auto Deploy. Syslog Collector also addresses the issue of an Auto Deployed host not having a local disk. With no local disk the log files are stored on a Ramdisk, which means each time the server boots the logs are lost. Not having persistent logs can complicate troubleshooting. Use the syslog collector to capture the ESXi host’s log on a network server.
Syslog Collector on VCSA
A Syslog Collector is bundled with the the vCenter Server Appliance (VCSA) and requires no extra setup. By default logs are saved in /var/log/remote/<HostName>. Just configure the hosts to send their logs to the Syslog collector.
Syslog Collector on a Windows Server
Syslog Collector can be installed on vCenter Server or on a standalone Windows Server.
1. From VMware vCenter Installer media choose vSphere Syslog Collector and Click Install to start the installation process.
6. Select where to install the application and where to stored the logs and also Size of the log file before Rotation and Number of Logs to keep on the Syslog Collector Server. Unless you have specific requirements select default settings and Click Next.
10. The Next screen allows to choose how the Syslog Collector will be identified on the networks and by the ESXi hosts. It Will detect host name on which we are installing Syslog collector choose default name and Click Next.
Configuring ESXi Hosts to Redirect to a Syslog Collector
There are several ways to Configure ESXi hosts to redirect logs to a Syslog Collector.
- Advanced Configuration Options on the ESXi host
- Via Host’s command Line
- Host Profile
Configuring ESXi Hosts using the Advanced Configuration Options
1. Connect to vCenter Server using vSphere Client or Web Client –> Home –> Select Host and Clusters.
2. Select the ESXi Host –> Configuration –> Under Software Advanced Settings.
Configuring ESXi Hosts using Host’s Command Line
1. Connect ESXi host using putty.
esxcli system syslog set –loghost=vum.dca.com –logdir-unique=true
esxcli system syslog reload
Configuring ESXi Hosts using Host Profile.
1. Edit the Host profile with below settings.
Advanced Configuration Option –> syslog.global.loghost –> Enter the syslog Collector host name and click OK. Apply this Host Profile on other hosts and compliant.
Done. We are all set now 🙂