Home > Blogs > VMware vSphere Blog

Setting up the ESXi Syslog Collector

In my last post I went over the steps to setup the ESXi dump collector.  I figured it would be good to follow-up with a quick post on setting up the syslog collector.  Syslog collector also addresses the issue of an Auto Deployed host not having a local disk.  With no local disk the log files are stored on a ramdisk, which means each time the server boots the logs are lost.   Not having persistent logs can complicate troubleshooting.  Use the syslog collector to capture the ESXi host’s log on a network server.

Just like with the dump collector the syslog collector is very easy to install and configure.  The syslog collector is bundled with the vCenter Server Appliance (VCSA) and requires no extra setup (by default the logs are stored in /var/log/remote/<hostname>).  To install the syslog collector on Windows simply load the vCenter installation media, launch autorun and from the main install menu choose “Syslog Collector”.


You can specify where to install the collector and where to store the logs:


Pay attention to the port settings and make sure you open the required firewall ports:


You can install the syslog collector on a standalone windows host or on your vCenter server:


Once the syslog collector has been installed the next step is to simply configure the ESXi hosts to use the server as its loghost:

~# esxcli system syslog config set –loghost=x.x.x.x

~# esxcli system syslog reload

(you can also set the loghost from the vSphere client by going to configuration -> advanced settings -> syslog -global)

After reloading the syslog you will see a directory on the syslog collector host containing the ESXi host’s logfile as shown below.

Sample Syslog Collector using VCSA


Sample Syslog Collector using Windows Server


11 thoughts on “Setting up the ESXi Syslog Collector

    1. Kyle GleedKyle Gleed Post author

      Make sure the host firewall port is open for Syslog (port 514).
      Make sure the settings on the host are correct by running: # esxcli system syslog config get
      Make sure you reload the syslog after configuring by running: # # esxcli system syslog reload

      I find the firewall and forgetting to reload are the most common issues.

        1. Duncan

          Outgoing firewall for me too. Why is this not more clear in the installation? I banged my head against the wall trying to figure this out.

          Thanks for the tip.

  1. Pingback: resinblade.net » ESXi syslog collector and dump collector

  2. Pingback: resinblade.net » ESXi syslog collector and dump collector

  3. Randy

    Does anyone know how to get the VMware Syslog Collector to log to directory names that match the ESXi hostname as opposed to the IP Address?

  4. Duncan

    I banged my head against the wall trying to get this working. It was the outgoing firewall all along. I wish this was more clear in the documentation.

    Thanks for clearing it up here though!

  5. Francis Joseph Latosa

    This is the right command

    esxcli system syslog config set –loghost=udp://xxx.xxx.xxx.xxx:514
    esxcli network firewall ruleset set –ruleset-id syslog –enabled yes

  6. Granville

    Good day,
    I have a VCenter 5.5 I have installed VMware syslog collector, but the plugin for it is missing. Also I do not have the icon under Home – Administrator.

    thank you for your help



Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>