(2018-09-20)
Problem
I want esxi logs to go to a syslog server.
Solution
CLI:
esxcli system syslog config set --loghost='tcp://10.15.30.42'
esxcli system syslog reload
esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
esxcli network firewall refresh
vCenter GUI:
- Hosts -> Host -> Configure -Advanced System Settings
- find key: Syslog.global.LogHost
- set value as above
Targets
Syslog targets have three components:
Component | Values |
---|
Transport | tcp:// udp:// ssl://
|
Destination | IP or DNS name resolvable by host |
Port | usual port values |
Examples:
- udp://loghost:514
- tcp://1.2.3.4:1154
Notes
Having a syslog server configured to catch said logs is left as an exercise for the reader.
Traditionally the syslog messages are not very useful because VMware wants to sell you a log management system as part of vCenter. So personally I don't usually bother setting this up unless a customer wants it.