{"id":677,"date":"2020-01-30T13:18:11","date_gmt":"2020-01-30T13:18:11","guid":{"rendered":"http:\/\/michaelstoica.com\/?p=677"},"modified":"2020-05-07T13:27:00","modified_gmt":"2020-05-07T13:27:00","slug":"forwarding-esxi-syslog","status":"publish","type":"post","link":"https:\/\/michaelstoica.com\/site\/forwarding-esxi-syslog\/","title":{"rendered":"How to forward ESXi syslog"},"content":{"rendered":"<p>Forwarding the ESXi syslog is not that difficult, but besides the ESXi host configuration that you need to make, you\u00a0will have to make sure that on the network side the host is able to communicate with the remote location.<\/p>\n<p>You will need to open SSH on the host and run\u00a0<em>esxcli system syslog config get\u00a0<\/em>which will display the following:<\/p>\n<p><strong><em>Check Certificate Revocation: false<\/em><\/strong><br \/>\n<strong><em>Default Network Retry Timeout: 180<\/em><\/strong><br \/>\n<strong><em>Dropped Log File Rotation Size: 100<\/em><\/strong><br \/>\n<strong><em>Dropped Log File Rotations: 10<\/em><\/strong><br \/>\n<strong><em>Enforce SSLCertificates: true<\/em><\/strong><br \/>\n<strong><em>Local Log Output: \/scratch\/log<\/em><\/strong><br \/>\n<strong><em>Local Log Output Is Configured: false<\/em><\/strong><br \/>\n<strong><em>Local Log Output Is Persistent: true<\/em><\/strong><br \/>\n<strong><em>Local Logging Default Rotation Size: 1024<\/em><\/strong><br \/>\n<strong><em>Local Logging Default Rotations: 8<\/em><\/strong><br \/>\n<strong><em>Log To Unique Subdirectory: false<\/em><\/strong><br \/>\n<strong><em>Message Queue Drop Mark: 90<\/em><\/strong><br \/>\n<strong><em>Remote Host:<\/em><\/strong><br \/>\n<strong><em>Strict X509Compliance: false<\/em><\/strong><\/p>\n<p>To set the new location you will have to run the following command\u00a0<em>esxcli system syslog config set --loghost='tcp:\/\/hostname:514'\u00a0<\/em>and now if you run again\u00a0<em>esxcli system syslog config 
get\u00a0<\/em>on\u00a0<em>Remote Host\u00a0<\/em>you should see the hostname you added.<\/p>\n<p>Next step is to enable syslog service from vCenter. For this you need to go in vCenter, select the host &gt; Firewall &gt; Edit and check the syslog service.<\/p>\n<p><a href=\"https:\/\/michaelstoica.com\/site\/wp-content\/uploads\/2020\/01\/syslog.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-679\" src=\"https:\/\/michaelstoica.com\/site\/wp-content\/uploads\/2020\/01\/syslog.png\" alt=\"\" width=\"855\" height=\"608\" srcset=\"https:\/\/michaelstoica.com\/site\/wp-content\/uploads\/2020\/01\/syslog.png 855w, https:\/\/michaelstoica.com\/site\/wp-content\/uploads\/2020\/01\/syslog-300x213.png 300w, https:\/\/michaelstoica.com\/site\/wp-content\/uploads\/2020\/01\/syslog-768x546.png 768w\" sizes=\"auto, (max-width: 855px) 100vw, 855px\" \/><\/a><\/p>\n<p>Now you need to restart the syslog service\u00a0<em>esxcli system syslog reload\u00a0<\/em>and you can test the connection with the remote location using <em>nc -z hostname 514\u00a0<\/em>and you should receive <strong><em>Connection to hostname 514 port [tcp\/*] succeeded<\/em><\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Forwarding the ESXi syslog is not that difficult, but beside the ESXi host configuration that you need to make, you\u00a0will have to make sure that&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/michaelstoica.com\/site\/forwarding-esxi-syslog\/\">Continue reading<span class=\"screen-reader-text\">How to forward ESXi 
syslog<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[31,45,52,51,8,13,12,42],"class_list":["post-677","post","type-post","status-publish","format-standard","hentry","category-general","tag-esxi","tag-vcenter","tag-vcommunity","tag-vexpert","tag-virtualization","tag-vmware","tag-vsphere","tag-vsphere-6-7","entry"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p63Lge-aV","_links":{"self":[{"href":"https:\/\/michaelstoica.com\/site\/wp-json\/wp\/v2\/posts\/677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michaelstoica.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michaelstoica.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michaelstoica.com\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/michaelstoica.com\/site\/wp-json\/wp\/v2\/comments?post=677"}],"version-history":[{"count":4,"href":"https:\/\/michaelstoica.com\/site\/wp-json\/wp\/v2\/posts\/677\/revisions"}],"predecessor-version":[{"id":719,"href":"https:\/\/michaelstoica.com\/site\/wp-json\/wp\/v2\/posts\/677
\/revisions\/719"}],"wp:attachment":[{"href":"https:\/\/michaelstoica.com\/site\/wp-json\/wp\/v2\/media?parent=677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michaelstoica.com\/site\/wp-json\/wp\/v2\/categories?post=677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michaelstoica.com\/site\/wp-json\/wp\/v2\/tags?post=677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}