Configure vSphere Syslog Collector

Click Install, then Next, then Accept, then Next again:

If you want to integrate the Syslog Collector with vCenter, select the second option:

At this step you will need to verify the ports used with vCenter, as you will need them in the next step. In my case it is 8081.

The next step is to enter the vCenter access ports, FQDN and credentials:

Accept the certificate. Do you have any other option?

Here you may need to change ports; keep the defaults unless a change is necessary:

Here you can select the FQDN of the syslog collector server:

Next is where you specify the installation path of the syslog collector server and the location where you will keep your log files:

Please be careful here. In my case I set the number of logs to keep to 10. As you see, the first file was at 4 am and the last one is at 8 am. We have a somewhat intensive workload, but I believe logging will be lighter at other times. Let us say that in 4 hours (not a rule) it has 10 files; then it will start overwriting, which means you are going to lose logs that you may want to review later for auditing purposes or for investigating an issue.

The size of the 10 files is around 20 MB, so I will increase my log rotation here. In 4 hours it was 20 MB, so it will be 120 MB for 24 hours per single ESXi host. And as I am a kind boy, I will let the logs last for 1 day and 12 hours, allowing the backup to take them out. So it should be around 180 MB per single host. The log rotation count to keep in this case is 10 (the current number) x 9 (24 hours + 12 hours = 36 hours, and 36 / 4 hours = 9), so the log rotation value will be 90, which means the logs should last for 36 hours.

That is all on the installation side so far. Now let us go to the ESXi host to configure remote logging. You have 2 ways: over SSH to the host, or through the GUI. But first make sure the syslog collector port is open in the ESX GUI:

Click on the host, then select the Configuration tab; the Software section of the configuration will open the window below:

Type your syslog collector IP in Syslog.global.logHost, i.e. tcp://10.5.1.1:514

Command: First check the current configuration on the host. Of course it shows the IP, as I already configured it through the GUI:

Then you will need to run the 2 commands below in sequence to get it configured:

It will look like this under the directory chosen at installation time:

Note that you may need to open the firewall:

esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
esxcli network firewall refresh

- Test centralized logging configuration
- Use esxcli system syslog to configure centralized logging on ESXi hosts

Now I will reset all syslog servers to $null:

PowerCLI C:\> Get-VMHostSysLogServer -VMHost
PowerCLI C:\> $hosts= Get-VMHost
PowerCLI C:\> Get-VMHostSysLogServer -VMHost $hosts

Host                                Port
----                                ----
tcp://172.XX.XX.197     514
tcp://172.XX.XX.197     514
tcp://172.XX.XX.197     514
tcp://172.XX.XX.197     514
tcp://172.XX.XX.197     514
tcp://172.XX.XX.197     514
tcp://172.XX.XX.197     514
tcp://172.XX.XX.197     514
tcp://172.XX.XX.197     514
tcp://172.XX.XX.197     514
tcp://172.XX.XX.197     514

PowerCLI C:\> Set-VMHostSysLogServer -SysLogServer $null -VMHost $hosts
PowerCLI C:\> Get-VMHostSysLogServer -VMHost $hosts
PowerCLI C:\>
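
After a bulk change such as the reset above, it helps to confirm which hosts still forward logs to the collector and have the syslog firewall ruleset open. The script below is an added example, not part of the original post; it assumes an existing Connect-VIServer session, and the default collector address is the sample value used earlier in the post.

```powershell
# Added example: report (and, with -Fix, repair) remote syslog settings on each ESXi host.
# Assumes PowerCLI is loaded and Connect-VIServer has already been run.
param(
    [string]$Collector = 'tcp://10.5.1.1:514',  # sample address from the post; replace with yours
    [switch]$Fix                                # without -Fix the script only reports
)

$vmHosts = Get-VMHost | Where-Object ConnectionState -in 'Connected', 'Maintenance'

$report = foreach ($h in $vmHosts) {
    # Syslog.global.logHost may hold several comma-separated targets.
    $setting = Get-AdvancedSetting -Entity $h -Name 'Syslog.global.logHost'
    $targets = @("$($setting.Value)" -split ',' |
                 ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $fw      = Get-VMHostFirewallException -VMHost $h -Name 'syslog'

    $hostOk  = $targets -contains $Collector
    $fwOk    = [bool]$fw.Enabled
    $changed = $false

    if ($Fix -and -not $hostOk) {
        # Append instead of overwriting, so an existing second target is kept.
        $newValue = (@($targets) + $Collector) -join ','
        Set-AdvancedSetting -AdvancedSetting $setting -Value $newValue -Confirm:$false | Out-Null
        $changed = $true
    }
    if ($Fix -and -not $fwOk) {
        # Same effect as enabling the syslog ruleset with esxcli on the host.
        Set-VMHostFirewallException -Exception $fw -Enabled $true | Out-Null
        $changed = $true
    }

    [pscustomobject]@{
        VMHost              = $h.Name
        LogHostBefore       = $targets -join ','
        ForwardsToCollector = $hostOk
        FirewallOpen        = $fwOk
        Changed             = $changed
    }
}

# Hosts that were not forwarding sort first.
$report | Sort-Object ForwardsToCollector, VMHost | Format-Table -AutoSize
```

Run it once without -Fix to see the current state, and again after any change to confirm that every host shows True in both columns.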


About Ahmad Sabry ElGendi

https://www.linkedin.com/pub/ahmad-elgendi/94/223/559
This entry was posted in VCAP5-DCA, Vmware.
