So I have started laying out the beginnings of the new vSphere 5 infrastructure at my work. Got a couple of hosts laid out, vCenter built up, and dotting my i’s. The particular piece I was working on just a few moments ago was remote syslog for the ESXi hosts.
We all know that with the release of vMA 5 that vi-logger was removed from the distribution…why I am not sure…but it was. This doesn’t mean that you can’t still use the vMA for logging. In comes good ol’ syslog-ng which is standard in the distribution. The configuration was done with some tips from VirtuallyGhetto so I won’t go into the details of that portion as to not recreate the wheel.
In order to configure an ESXi host for remote logging we can do this from either the GUI or from the vMA using esxcli when connected to each host. In the GUI, you will find the settings in Host Configuration->Advanced Settings->Syslog. The information that is immediately pertinent is the Syslog.global.logHost. When adding something to this field you need to follow the following format: protocol://RemoteSyslogServer:port.
When configuring this from the vMA using esxcli, just connect to your target and run:
esxcli system syslog config set --loghost=protocol://RemoteSyslogServer:port
This will configure the target host with your remote syslog server information. In immediate thought you would think this would get it to start working…nope…we aren’t done yet. After you configure the remote syslog server information you will need to open the outbound ports on your ESXi hosts’ firewalls. This can be done through Host Configuration->Security Profile->Firewall Properties. Just enable the syslog outbound connections and this portion is all set. Finished…NOPE! PSYCH!
Another step that is required before logging actually starts to work is to reload the syslog service on your target hosts. You can do this from the vMA by connecting to your target hosts and running:
esxcli system syslog reload
Finally, you can sit back and relax while your hosts start to log to your vMA host. Enjoy!
Here are some references you can look to for guidance:
- vSphere 5 Documentation Center (Remote Logging Setup in ESXi) - http://pubs.vmware.com/vsphere-50/topic/com.vmware.vcli.migration.doc_50/cos_upgrade_technote.1.6.html?path=6_2_3_0#1076323
- VirtuallyGhetto (Free Linux & Windows Syslog Alternatives to deprecated vi-logger in vMA 5) - http://www.virtuallyghetto.com/2011/07/free-linux-windows-syslog-alternatives.html
If you have any questions or comments then please feel free to sound off in the comments!