One of the many substantial changes between VMware vSphere ESXi 4 and ESX5 was a rewrite of the syslog services, and the addition of features like support for TCP and SSL when sending logs to a remote target. However, the initial release of remote syslog support in ESX 5.0 had some significant limitations. The good news is that, as of January 2014, all of the major issues have been fixed in all versions of ESXi ESXi 5.0 to 5.5.
If you are sending your ESXi 5 hosts to a remote syslog target, then we highly recommend that you update your ESXi with the appropriate updates/patches available (listed below). Without these updates you may find yourself missing important logs when you have an issue that you need to analyze.
Once you have updated all your hosts to the versions listed below, we recommend using TCP or SSL. Without TCP, log message loss due to buffer overflows in network devices and network stacks may happen without detection.
Here are the appropriate patch/update links:
Base ESXi Version | Make sure you have updated to at least | Patch/Update Release Notes | Date Patch/Update Was Released |
5.0 | vSphere ESXi 5.0 build 1489271 or higher | vSphere ESXi Patch ESXi500-201401401-BG | Jan 23rd, 2014 |
5.1 | vSphere ESXi 5.1 build 1483097 or higher | vSphere ESXi 5.1U2 | Jan 30th, 2014 |
5.5 | vSphere ESXi 5.5 GA build 1331820 or higher | vSphere ESXi 5.5 GA | Sept 22, 2013 |
For more information on the issues resolved with these patches, please refer to the release notes for the patch/update releases. If you have any questions, please don’t hesitate to contact VMware support or post a question in the VMware vCenter Log Insight community.
Speaking of vCenter Log Insight, if you are not yet using Log Insight, you are missing out on powerful root cause analytics and monitoring capabilities for vSphere and your entire IT ecosystem! Download a trial right away – it is so easy to setup and configure, you will have your first insights within 30 minutes.