Configuring Syslog Services

All hosts run a syslog service, which logs messages from the VMkernel and other system components to local files or to a remote host.
You can use the vSphere Web Client, or use the esxcli system syslog command to configure the following parameters of the syslog service.
  • Remote host and port - Remote host to which syslog messages are forwarded and port on which the remote host receives syslog messages. The remote host must have a log listener service installed and correctly configured to receive the forwarded syslog messages. See the documentation for the syslog service installed on the remote host for information on configuration.
  • Transport protocol - Logs can be sent by using UDP, which is the default, TCP, or SSL transports.
  • Local logging directory - Directory where local copies of the logs are stored. The directory can be located on mounted NFS or VMFS volumes. Only the /scratch directory on the local file system is persistent across reboots.
  • Unique directory name prefix - Setting this option to true creates a subdirectory with the name of the host under the specified logging directory. This method is especially useful if the same NFS directory is used by multiple hosts.
  • Log rotation policies - Sets maximum log size and the number of archives to keep. You can specify policies both globally, and for individual subloggers. For example, you can set a larger size limit for the vmkernel log.
The esxcli system syslog command is the only supported command for changing 5.0 and later logging configuration. The vicfg-syslog command and editing configuration files are not supported for 5.0 and can result in errors.
After making configuration changes, restart the vmsyslogd syslog service by running esxcli system syslog reload.
The esxcli system syslog command allows you to configure the logging behavior of your system. With vSphere 5.0, you can manage the top-level logger and subloggers. The command has the following options.
Option - Description
mark - Marks all logs with the specified string.
reload - Reloads the configuration, and updates any changed configuration values.
config get - Retrieves the current configuration.
config set - Sets the configuration. Use one of the following options.
  • --logdir=<path> – Saves logs to a given path.
  • --loghost=<host> – Sends logs to a given host.
  • --logdir-unique=<true|false> – Specifies whether the log should go to a unique subdirectory of the directory specified in logdir.
  • --default-rotate=<int> – Default number of log rotations to keep.
  • --default-size=<int> – Size before rotating logs, in KB.
config logger list - Shows currently configured subloggers.
config logger set - Sets configuration options for a specific sublogger. Use one of the following options.
  • --id=<str> – ID of the logger to configure. Required.
  • --reset=<str> – Resets values to default.
  • --rotate=<long> – Number of rotated logs to keep for a specific logger. Requires --id.
  • --size=<long> – Size of logs before rotation for a specific logger, in KB. Requires --id.
esxcli system syslog Usage
The following workflow illustrates how you might use esxcli system syslog for log configuration. Specify one of the options listed in Connection Options for vCLI Host Management Commands in place of <conn_options>.
  1. Show configuration options.
    esxcli <conn_options> system syslog config get
    Default Rotation Size: 1024
    Default Rotations: 8
    Log Output: /scratch/log
    Logto Unique Subdirectory: false
    Remote Host: <none>
  2. Set all logs to keep twenty rotations before overwriting the oldest log.
    esxcli <conn_options> system syslog config set --default-rotate=20
  3. Set the rotation policy for VMkernel logs to 10 rotations, rotating at 2 MB.
    esxcli <conn_options> system syslog config logger set --id=vmkernel --size=2048 --rotate=10
  4. Send logs to remote host myhost.mycompany.com. The logs will use the default transport (UDP) and port (514).
    esxcli system syslog config set --loghost='myhost.mycompany.com'
  5. Save the local copy of logs to /scratch/mylogs and send another copy to the remote host.
    esxcli <conn_options> system syslog config set --loghost='tcp://myhost.mycompany.com:1514' --logdir='/scratch/mylogs'
    You can set the directory on the remote host by configuring the client running on that host. You can use the to redirect system logs to a remote host by changing the System.global.logHost advanced setting.
  6. Send a log message to all logs simultaneously.
    esxcli <conn_options> system syslog mark --message="this is a message!"
  7. Reload the syslog daemon and apply configuration changes.
    esxcli <conn_options> system syslog reload
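To check the result of the workflow above, the following added example (not part of the original documentation or of any VMware tool) parses the output of esxcli system syslog config get and reports settings that weaken log retention or transport. The function names, the comma-separated list of remote hosts, and the /vmfs/volumes/ datastore mount point are assumptions of the example.

```python
from urllib.parse import urlsplit

# Constructed sample: the `config get` output shown in step 1 of the workflow.
SAMPLE = """\
Default Rotation Size: 1024
Default Rotations: 8
Log Output: /scratch/log
Logto Unique Subdirectory: false
Remote Host: <none>
"""

def parse_config(text):
    """Map 'Key: value' lines to a dict; keys are lower-cased with spaces removed."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.replace(" ", "").lower()] = value.strip()
    return cfg

def parse_loghost(spec):
    """Return (transport, host, port); UDP and port 514 are the documented defaults."""
    url = urlsplit(spec if "://" in spec else "udp://" + spec)
    return url.scheme.lower(), url.hostname, url.port or 514

def audit(text):
    """Return a list of findings for one host's syslog configuration."""
    cfg, findings = parse_config(text), []
    remote = cfg.get("remotehost", "<none>")
    if remote in ("", "<none>"):
        findings.append("no remote host: logs are kept only on the host itself")
    else:
        for spec in remote.split(","):  # assumption: several targets are comma-separated
            transport, host, port = parse_loghost(spec.strip())
            if transport != "ssl":
                findings.append(f"{host}:{port} over {transport}: forwarded logs are not encrypted")
    logdir = cfg.get("logoutput", "")
    shared = logdir.startswith("/vmfs/volumes/")  # assumption: datastore mount point
    if not shared and logdir != "/scratch" and not logdir.startswith("/scratch/"):
        findings.append(f"log directory {logdir!r} may not persist across reboots")
    if shared and cfg.get("logtouniquesubdirectory", "false") != "true":
        findings.append("shared log directory without a per-host subdirectory")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Feed it the saved output of config get from each host; an empty list means none of the three checks fired.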