Skip to content

How to forward ESXi syslog

Forwarding the ESXi syslog is not that difficult, but beside the ESXi host configuration that you need to make, you will have to make sure that on the network side the host is able to communicate with the remote location.

You will need to open ssh on the host and run esxcli system syslog config get which will display the following:

Check Certificate Revocation: false
Default Network Retry Timeout: 180
Dropped Log File Rotation Size: 100
Dropped Log File Rotations: 10
Enforce SSLCertificates: true
Local Log Output: /scratch/log
Local Log Output Is Configured: false
Local Log Output Is Persistent: true
Local Logging Default Rotation Size: 1024
Local Logging Default Rotations: 8
Log To Unique Subdirectory: false
Message Queue Drop Mark: 90
Remote Host:
Strict X509Compliance: false

To set the new location will have to run the following command esxcli system syslog config set –loghost=’tcp://hostname:514′ and now if you run again esxcli system syslog config get on Remote Host you should see the hostname you added.

Next step is to enable syslog service from vCenter. For this you need to go in vCenter, select the host > Firewall > Edit and check the syslog service.

Now you need to restart the syslog service esxcli system syslog reload and you can test the connection with the remote location using nc -z hostname 514 and you should receive Connection to hostname 514 port [tcp/*] succeeded.

Published inGeneral

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.