Product Announcements

Configuring Multiple Syslog Servers for ESXi 5

By William Lam, Sr. Technical Marketing Engineer

There were some questions on twitter last night about the number of syslog servers that can be configured for an ESXi host and the answer depends on the version of ESXi you are running. With ESXi 4.x, you could only forward to a single syslog server, but with ESXi 5.0 you can now forward to multiple syslog servers which is great for providing redundancy when shipping your logs. In addition to supporting multiple syslog servers, with the release of ESXi 5.0, you can specify different transport protocols: UDP (default), TCP and SSL.

You can configure the syslog servers using the vSphere Client, but if you need to configure this across several hundred hosts you will probably want to automate this using one of the following methods:

Though it may not have been clear in our documentation that you can now specify multiple syslog servers in ESXi 5.0, here is a quick example on how to configure multiple syslog servers using the remote ESXCLI:

1. Enable ESXi Firewall

You will need to enable the syslog rule in the ESXi firewall (only in ESXi 5.0):

$ esxcli –server esxi1 –username root network firewall ruleset set –enabled yes –ruleset-id syslog

Note: The default syslog ruleset allows UDP/TCP 514 and TCP 1514, if you choose to use a different port you will need to update firewall ruleset.

2. Configure Syslog Servers

To specify more than one syslog server, you will need to separate them using a comma. By default, the host will use UDP protocol and port 514. However, you can specify tcp or ssl as the protocol to be used as well as the port number:

$ esxcli –server esxi1 –username root system syslog config set –loghost 10.20.182.46,tcp://10.20.182.50:514,ssl://10.20.182.52:1514

Note: You can also authenticate against vCenter Server by specifying the –vihost parameter

3. Reload Syslog Configuration

For the syslog configuration to take effect, you will need to reload the configuration:

$ esxcli –server esxi1 –username root system syslog reload

You can easily create shell script and using a “for” loop to execute the preceding 3 commands across multiple hosts. Here is a script called configSyslog.sh that accepts three parameters: username, file that includes list of all ESXi hosts seperated by a newline and syslog servers (same syntax as ESXCLI). You will need to edit the script and specify the password for your ESXi host before executing the script.

Disclaimer: This script is provided for informational/educational purposes only. It should be thoroughly tested before attempting to use in a production environment.

Here is a sample execution:
Screen shot 2012-04-03 at 9.00.46 PM

Get notification of new blog postings and more by following lamw on Twitter:  @lamw