Home > Blogs > VMware vSphere Blog > Tag Archives: Syslog

Tag Archives: Syslog

vCloud Networking and Security 5.1 App Firewall – Part 3

In the previous two vCloud Networking and Security App Firewall blogs we looked at  installation and policy management. In this blog, let’s take a look at how to handle day-to-day operations of App Firewall. Following topics are covered in this blog.

  • App Firewall Flow Monitoring Capabilities
  • App Firewall Syslog Management
  • App Firewall Show History and Load History options
  • App Firewall Configuration Backup
  • App Firewall CLIs

Continue reading

Locating vCloud Director Syslog, Installation ID & Other Settings Using The vCloud API

A few weeks back I needed to find the syslog settings for vCloud Director using the vCloud API for some testing, but after a bit of browsing through the vCloud API Reference, I was not able to find it.

I reached out to fellow colleague Timo Sugliani who has done some fantastic work with the vCloud API and he was able to help me locate the proper API call. It turns out the vCloud Director general settings is actually located under /admin/extension API section and I had thought it was somewhere under /admin. Using either REST Client or cURL, you can perform a GET operation to retrieve the syslog settings as well as other general settings using the following URL:


Here is a screenshot of the results which you can see maps back to the settings shown in the above screenshot:

For more details on the properties, you can refer to the vCloud API Reference guide for the general settings here. Hopefully this quick tidbit will come in handy for anyone looking for syslog or other general settings using the vCloud API. Big thanks to Timo for his help!

Get notification of new blog postings and more by following lamw on Twitter:  @lamw

Configuring syslog servers and logging in vCloud Networking and Security 5.1

I received multiple requests about setting up syslog servers and logging in vCloud Networking and Security 5.1 App Firewall and Edge Gateway. In this blog, I am going to show how to setup syslog servers and enable logging in vCloud Networking Security 5.1 Manager, App Firewall and Edge Gateway.

Manager syslog configuration

Login to Manager web interface and select Settings & Reports -> Configuration -> General tab and click Edit button next to Syslog Server to configure the syslog server.

Continue reading

Host Profile: Syslog.global.logDirUnique Option Missing

I recently posted about a tricky syntax issue when setting Syslog.global.logDir using a host profile.  In that post I also recommended that anytime you setup a shared logging datastore that you always set two advanced configuration options:

  • Syslog.global.logDir = specifies the name of the datastore along with the corresponding directory where the logs will be saved.
  • Syslog.global.logDirUnique = specifies that each host should create it’s own subdirectory under the path specified by Syslog.lglobal.logDir.  This helps keep the log files organized.

In response to my post I had a couple people point out that there is no Syslog.global.logDirUnique option available in their host profile, all they have is the Syslog.global.logDir option:

Continue reading

Configuring Multiple Syslog Servers for ESXi 5

By William Lam, Sr. Technical Marketing Engineer

There were some questions on twitter last night about the number of syslog servers that can be configured for an ESXi host and the answer depends on the version of ESXi you are running. With ESXi 4.x, you could only forward to a single syslog server, but with ESXi 5.0 you can now forward to multiple syslog servers which is great for providing redundancy when shipping your logs. In addition to supporting multiple syslog servers, with the release of ESXi 5.0, you can specify different transport protocols: UDP (default), TCP and SSL.

You can configure the syslog servers using the vSphere Client, but if you need to configure this across several hundred hosts you will probably want to automate this using one of the following methods:

Though it may not have been clear in our documentation that you can now specify multiple syslog servers in ESXi 5.0, here is a quick example on how to configure multiple syslog servers using the remote ESXCLI:

1. Enable ESXi Firewall

You will need to enable the syslog rule in the ESXi firewall (only in ESXi 5.0):

$ esxcli –server esxi1 –username root network firewall ruleset set –enabled yes –ruleset-id syslog

Note: The default syslog ruleset allows UDP/TCP 514 and TCP 1514, if you choose to use a different port you will need to update firewall ruleset.

2. Configure Syslog Servers

To specify more than one syslog server, you will need to separate them using a comma. By default, the host will use UDP protocol and port 514. However, you can specify tcp or ssl as the protocol to be used as well as the port number:

$ esxcli –server esxi1 –username root system syslog config set –loghost,tcp://,ssl://

Note: You can also authenticate against vCenter Server by specifying the –vihost parameter

3. Reload Syslog Configuration

For the syslog configuration to take effect, you will need to reload the configuration:

$ esxcli –server esxi1 –username root system syslog reload

You can easily create shell script and using a “for” loop to execute the preceding 3 commands across multiple hosts. Here is a script called configSyslog.sh that accepts three parameters: username, file that includes list of all ESXi hosts seperated by a newline and syslog servers (same syntax as ESXCLI). You will need to edit the script and specify the password for your ESXi host before executing the script.

Disclaimer: This script is provided for informational/educational purposes only. It should be thoroughly tested before attempting to use in a production environment.

Here is a sample execution:
Screen shot 2012-04-03 at 9.00.46 PM

Get notification of new blog postings and more by following lamw on Twitter:  @lamw

Setting up the ESXi Syslog Collector

In my last post I went over the steps to setup the ESXi dump collector.  I figured it would be good to follow-up with a quick post on setting up the syslog collector.  Syslog collector also addresses the issue of an Auto Deployed host not having a local disk.  With no local disk the log files are stored on a ramdisk, which means each time the server boots the logs are lost.   Not having persistent logs can complicate troubleshooting.  Use the syslog collector to capture the ESXi host’s log on a network server.

Just like with the dump collector the syslog collector is very easy to install and configure.  The syslog collector is bundled with the vCenter Server Appliance (VCSA) and requires no extra setup (by default the logs are stored in /var/log/remote/<hostname>).  To install the syslog collector on Windows simply load the vCenter installation media, launch autorun and from the main install menu choose “Syslog Collector”.


You can specify where to install the collector and where to store the logs:


Pay attention to the port settings and make sure you open the required firewall ports:


You can install the syslog collector on a standalone windows host or on your vCenter server:


Once the syslog collector has been installed the next step is to simply configure the ESXi hosts to use the server as its loghost:

~# esxcli system syslog config set –loghost=x.x.x.x

~# esxcli system syslog reload

(you can also set the loghost from the vSphere client by going to configuration -> advanced settings -> syslog -global)

After reloading the syslog you will see a directory on the syslog collector host containing the ESXi host’s logfile as shown below.

Sample Syslog Collector using VCSA


Sample Syslog Collector using Windows Server