Configuring
Syslog
Services
All
hosts run
a syslog service, which logs messages from the VMkernel and other system
components to local files or to a remote host.
You can use the vSphere Web
Client, or use the esxcli system syslog command to configure the following
parameters of the syslog service.
- Remote host and port - Remote host to which syslog messages are forwarded and port on which the remote host receives syslog messages. The remote host must have a log listener service installed and correctly configured to receive the forwarded syslog messages. See the documentation for the syslog service installed on the remote host for information on configuration.
- Transport protocol - Logs can be sent by using UDP, which is the default, TCP, or SSL transports.
- Local logging directory - Directory where local copies of the logs are stored. The directory can be located on mounted NFS or VMFS volumes. Only the/scratchdirectory on the local file system is persistent across reboots.
- Unique directory name prefix - Setting this option to true creates a subdirectory with the name of the host under the specified logging directory. This method is especially useful if the same NFS directory is used by multiple hosts.
- Log rotation policies - Sets maximum log size and the number of archives to keep. You can specify policies both globally, and for individual subloggers. For example, you can set a larger size limit for thevmkernellog.
The
esxcli system
syslog
command is the only supported command for changing
5.0 and
later logging configuration. The
vicfg-syslog
command
and editing configuration files is not supported for
5.0 and
can result in errors.
After making configuration
changes, restart the
vmsyslogd
syslog service by running
esxcli system
syslog reload
.
The
esxcli system
syslog
command allows you to configure the logging behavior of your
system.
With vSphere 5.0, you can manage the top-level logger and subloggers. The
command has the following options.
Option | Description |
|---|---|
mark
| Marks
all logs with the specified string. |
reload
| Reloads
the configuration, and updates any changed configuration values. |
config
get
| Retrieves the current configuration. |
config
set
| Sets the configuration. Use one of the following
options.
|
config logger
list
| Shows currently configured
subloggers. |
config logger
set
| Sets configuration options for a specific
sublogger. Use one of the following options.
|
esxcli system syslog
Usage
The following workflow
illustrates how you might use
esxcli system
syslog
for log configuration. Specify one of the options listed in
Connection Options for vCLI Host Management Commands
in place of
<conn_options>
.
- Show configuration options.esxcli <conn_options> system syslog config get Default Rotation Size: 1024 Default Rotations: 8 Log Output: /scratch/log Logto Unique Subdirectory: false Remote Host: <none>
- Set all logs to keep twenty rotations before overwriting the oldest log.esxcli <conn_options> system syslog config set --default-rotate=20
- Set the rotation policy for VMkernel logs to 10 rotations, rotating at 2 MB.esxcli <conn_options> system syslog config logger --id=vmkernel --size=2048 --rotate=10
- Send logs to remote hostmyhost.mycompany.com. The logs will use the default transport (UDP) and port (514).esxcli system syslog config set --loghost='myhost.mycompany.com'
- Save the local copy of logs to/scratch/mylogsand send another copy to the remote host.
You can set the directory on the remote host by configuring the client running on that host. You can use the to redirect system logs to a remote host by changing theesxcli <conn_options> system syslog config set --loghost='tcp://myhost.mycompany.com:1514' --logdir='/scratch/mylogs'System.global.logHostadvanced setting. - Send a log message to all logs simultaneously.esxcli <conn_options> system syslog mark --message="this is a message!"
- Reload the syslog daemon and apply configuration changes.esxcli <conn_options> system syslog reload