Recently I installed vCenter Log Insight, which by the way has one of the easiest and intuitive installers and configuration wizards ever!
After the Install and during the configuration you can easily add your vCenter server and vCOPs server so that monitoring can start straight away.
As an extra configuration step you can extend the default logging by setting up each ESXi host to use the Syslog server which is built into Log Insight, the process for this can be found in the documentation located here.
As per the documentation this means either going to each host and configuring the Syslog settings, configuring them manually through the shell or running the configure-esxi script through an SSH session.
As I already had a PowerCLI session open to my environment I wrote a quick PowerCLI script to achieve the same thing, the following script will configure the Syslog settings for each ESXi host to send their events to Log Insight…..
Connect to your vCenter Server and then change the IP address in the first line of the script below:
$LogInsightServer = “10.20.182.60”
Get-VMHost | Foreach {
Write-Host “Adding $LogInsightServer as Syslog server for $($_.Name)”
$SetSyslog = Set-VMHostSysLogServer -SysLogServer $LogInsightServer -SysLogServerPort 514 -VMHost $_
Write-Host “Reloading Syslog on $($_.Name)”
$Reload = (Get-ESXCLI -VMHost $_).System.Syslog.reload()
Write-Host “Setting firewall to allow Syslog out of $($_)”
$FW = $_ | Get-VMHostFirewallException | Where {$_.Name -eq ‘syslog’} | Set-VMHostFirewallException -Enabled:$true
}
Example screenshot
Find out more about Log Insight
To find out more information about Log Insight check out their page here or watch the overview video below.