VMware vSphere SDKs and Tools 8.0

8.0 7.0 6.7 6.5

Configuring
ESXi
 Syslog Services

All
ESXi
 hosts run a syslog service, which logs messages from the VMkernel and other system components to local files or to a remote host.
You can use the
vSphere Client
, or use the
esxcli system syslog
 command to configure the following parameters of the syslog service.
  • Remote host and port - Remote host to which syslog messages are forwarded and port on which the remote host receives syslog messages. The remote host must have a log listener service installed and correctly configured to receive the forwarded syslog messages. See the documentation for the syslog service installed on the remote host for information on configuration.
  • Transport protocol - Logs can be sent by using UDP, which is the default, TCP, or SSL transports.
  • Local logging directory - Directory where local copies of the logs are stored. The directory can be located on mounted NFS or VMFS volumes. Only the
    /scratch
     directory on the local file system is persistent across reboots.
  • Unique directory name prefix - Setting this option to true creates a subdirectory with the name of the
    ESXi
     host under the specified logging directory. This method is especially useful if the same NFS directory is used by multiple
    ESXi
     hosts.
  • Log rotation policies - Sets maximum log size and the number of archives to keep. You can specify policies both globally, and for individual subloggers. For example, you can set a larger size limit for the
    vmkernel
     log.
After making configuration changes, restart the
vmsyslogd
 syslog service by running
esxcli system syslog reload
.
For audit events, you should use syslog with either TCP on port 514 or TLS on port 1514. To use unencrypted syslog, you must prefix the entry with
tcp://
. To use encrypted syslog through the TLS protocol, you must prefix the entry with
ssl://
. For security reasons, you should use the TLS protocol for communications. To use the TLS protocol, you must load a public CA certificate onto
ESXi
 that is suitable for the syslog server.
The
esxcli system syslog
 command allows you to configure the logging behavior of your
ESXi
 system. You can manage the top-level logger and subloggers. The command has the following options.
Option
Description
mark
Marks all logs with the specified string.
reload
Reloads the configuration, and updates any changed configuration values.
config get
Retrieves the current configuration.
config set
Sets the configuration. Use one of the following options.
  • --logdir=<path>
     – Saves logs to a given path.
  • --loghost=<host>
     – Sends logs to a given host.
  • --logdir-unique=<true|false>
     – Specifies whether the log should go to a unique subdirectory of the directory specified in
    logdir
    .
  • --default-rotate=<int>
     – Default number of log rotations to keep.
  • --default-size=<int>
     – Size before rotating logs, in KB.
config logger list
Shows currently configured subloggers.
config logger set
Sets configuration options for a specific sublogger. Use one of the following options.
  • --id=<str>
     – ID of the logger to configure. Required.
  • --reset=<str>
     – Resets values to default.
  • --rotate=<long>
     – Number of rotated logs to keep for a specific logger. Requires
    --id
    .
  • --size=<long>
     – Size of logs before rotation for a specific logger, in KB. Requires
    --id
    .
esxcli system syslog Usage
The following workflow illustrates how you might use
esxcli system syslog
 for log configuration. Specify one of the options listed in Connection Options for ESXCLI Host Management Commands in place of
<conn_options>
.
  1. Show configuration options. 
    esxcli <conn_options> system syslog config get
Default Rotation Size: 1024
Default Rotations: 8
Log Output: /scratch/log
Logto Unique Subdirectory: false
Remote Host: <none>
  2. Set all logs to keep twenty rotations before overwriting the oldest log. 
    esxcli <conn_options> system syslog config set --default-rotate=20
  3. Set the rotation policy for VMkernel logs to 10 rotations, rotating at 2 MB. 
    esxcli <conn_options> system syslog config logger --id=vmkernel --size=2048 --rotate=10
  4. Send logs to remote host
    myhost.mycompany.com
    . The logs will use the default transport (UDP) and port (514). 
    esxcli system syslog config set --loghost='myhost.mycompany.com'
  5. Save the local copy of logs to
    /scratch/mylogs
     and send another copy to the remote host. 
    esxcli <conn_options> system syslog config set --loghost='tcp://myhost.mycompany.com:1514' --logdir='/scratch/mylogs'
    You can set the directory on the remote host by configuring the client running on that host. You can use the
    vSphere Client
     to redirect system logs to a remote host by changing the
    System.global.logHost
     advanced setting.
  6. Send a log message to all logs simultaneously. 
    esxcli <conn_options> system syslog mark --message="this is a message!"
  7. Reload the syslog daemon and apply configuration changes. 
    esxcli <conn_options> system syslog reload

Content feedback and comments