In my last post I went over the steps to setup the ESXi dump collector. I figured it would be good to follow-up with a quick post on setting up the syslog collector. Syslog collector also addresses the issue of an Auto Deployed host not having a local disk. With no local disk the log files are stored on a ramdisk, which means each time the server boots the logs are lost. Not having persistent logs can complicate troubleshooting. Use the syslog collector to capture the ESXi host’s log on a network server.
Just like with the dump collector the syslog collector is very easy to install and configure. The syslog collector is bundled with the vCenter Server Appliance (VCSA) and requires no extra setup (by default the logs are stored in /var/log/remote/<hostname>). To install the syslog collector on Windows simply load the vCenter installation media, launch autorun and from the main install menu choose “Syslog Collector”.
You can specify where to install the collector and where to store the logs:
Pay attention to the port settings and make sure you open the required firewall ports:
You can install the syslog collector on a standalone windows host or on your vCenter server:
Once the syslog collector has been installed the next step is to simply configure the ESXi hosts to use the server as its loghost:
~# esxcli system syslog config set –loghost=x.x.x.x
~# esxcli system syslog reload
(you can also set the loghost from the vSphere client by going to configuration -> advanced settings -> syslog -global)
After reloading the syslog you will see a directory on the syslog collector host containing the ESXi host’s logfile as shown below.
Sample Syslog Collector using VCSA
Sample Syslog Collector using Windows Server