logging within vSphere

Before I Start Writing about the topic i want to discuss today, I just would like to highlight the reason behind writing that.

In the past few days i have been going through multiple cases with customers related to support and uploading the logs as a requirement to understand the issue happening in their environment. these issues are

1- logs are actually based within the servers and being cleared once hosts rebooted.

2- logs are available in syslog server that is not accessible directly by the virtualization administrator and it will take them some time and procedures to retrieve this information.

So the way i would recommend this to my customer, is basically to have their own syslog server in their environment. and VMware has been very thankful in that by prviding a very useful syslog server on its own.

In this article, i would like to talk about h0w to install and configure VMware syslog collector.

so the installer is part of the vCenter installation ISO Image in the vCenter support tools Section. as shown Below.


The installer is a step by step wizard that can really ease the installation on the VMware administrator. once VMware Syslog Collector is installed and configured, you can move forward with the wizard starting from the next

the information entered above are the location where the administrator would like to keep the installation binary files as well as the syslog file location. my recommendation is to chose an easy location for the administrator to remember later when needed.  the administrator can also stick to the enterprise policy in term of rotation requirement and the size of the log file in MB, this shouldn’t be so large otherwise a huge amount of logs will be avaialble in one file which it will be later difficult to open the file and troubleshoot.

The Next Step is about how the connection to the syslog collector will take place using which network protocol on which port, i would use the default myself in my environment here at home but entrprises may not agree on doing that :-)


The above Configuration will actually determine how the later steps in term of the ESXi host configuration will be done. we will see to that in the final steps of this post.

Finally,  the final step is talking about the management of the syslog collector information and weather the administrator wants to integrate this with the vCenter server where the management information can be shown from the vCenter interface in term of what are the servers that is actually using the syslog collector and the size of the log files as well as the number of rotations.


we will choose to integrate with vCenter so that we can see the information about our syslog environemnt. it will be shown as a plug-in in vCenter


when clicked, here is what it will show.

Once the installation wizard has completed Successfully, there are still some steps that are required to be finalized. these steps includes configuring logging for the ESXi Hosts that we want to use Syslog For. let us go with that now.


The required step now is to basically configure the ESXi advanced settings to include the IP Address & The ports of the syslog collector server so that the logs will be shipped to that location. this setting can be done in 2 different ways.

1- From vCenter GUI going to advanced setting of the ESXi Hosts & Choosing Syslog as shown Below.

2-By Using the esxcli command and typing the following

# esxcli system syslog config set –loghost=x.x.x.x

#esxcli system syslog reload


keep in mind that we are not done yet. if you have choosen to change the default port & the protocol of logging then you will have to specify that in your configuration so here is what you have to do.

* in case of using command line interface

#esxcli system syslog config set –loghost='<Protocol>://x.x.x.x:<port>’

#esxcli system syslog reload


* in case you want to use the GUI Advanced Settings from vCenter in vSphere Client, you have to add it this way



now we have allow the syslog traffic to pass via the ESXi Firewall, and the way to do that is by accessing the Security Profile Section of the host configuration. note that if you are not using the default port then you can’t change the port in the security profile in the ESXi Hosts using the GUI.


you have to specify the enable the traffic to pass throught eh ESXi firewall if you are using the default port.


so this configuration is done. nevertheless, we have done the configuration on one single host, how about the rest of the environment. so here are 2 ways.

1- In case you are using vSphere enterprise plus then Host profile can help you alot in propegating this change to all your ESXi Hosts or else.

2- USe VirtualllyGhetto Script to pass the a for command to configure the entire environment, use the following Script, please note that this Script is not of my writing and it should be tested before it is to run in production.

# William Lam
# http://blogs.vmware.com/vsphere/automation/


if [[ $# -ne 3 ]]; then
echo -e “\nUsage: $0 [USERNAME] [HOSTLIST] [SYSLOG_SERVERS]\n”
exit 1

if [ -z ${PASSWORD} ]; then
echo -e “You forgot to set the password in the script!\n”
exit 1


for HOST in $(cat ${INPUT});
echo “Configuring syslog server for ${HOST} …”
esxcli –server ${HOST} –username ${USERNAME} –password ${PASSWORD} network firewall ruleset set –enabled yes –ruleset-id syslog
esxcli –server ${HOST} –username ${USERNAME} –password ${PASSWORD} system syslog config set –loghost “${SYSLOG}”
esxcli –server ${HOST} –username ${USERNAME} –password ${PASSWORD} system syslog reload


happy syslogging :-) and let me know how it goes.



Leave a Reply

Your email address will not be published. Required fields are marked *