All ESX/ESXi hosts run a syslog service (syslogd) which logs messages from the VMkernel and other system components to a file.
Note: In ESX, you must modify the remote host option in the /etc/syslog.conf file. The rempte host options are:
-
Log file path – Specifies a datastore path to the file where syslogd logs all messages.
-
Remote host – Specifies a remote host to which syslog messages are forwarded. To receive the forwarded syslog messages, your remote host must have a syslog service installed.
-
Remote port – Specifies the port used by the remote host to receive syslog messages.Resolution:To log events from an ESX host to a remote syslog server:
- Log in to the ESX host as root using an SSH client.
- Open the /etc/syslog.conf file using a text editor.
- Add this entry at the end of the file:
*.* @<IP_address_of_syslog-server>
For example:
*.* @192.1.68.1
- Restart the syslog daemon using the command:
service syslog restart
- Run this command to check if the ESX firewall has been opened for the syslog traffic:
esxcfg-firewall -q|grep syslog
If the firewall is open, you see an output similar to:
syslog : port 514 udp.out
If the firewall is closed, you do not see any output.
- To open the firewall on the ESX host for syslog traffic and to refresh the firewall, run this command:
esxcfg-firewall -o 514,udp,out,syslog && esxcfg-firewall -l
No comments:
Post a Comment