When using the syslog feature of ESXi you have to configure the syslog server for every ESXi server. This means opening the advanced options on your ESXi server and setting the appropriate syslog server, again… and again. Of course you can use the Host Profiles feature to deploy the same syslog settings to each host in your datacenter, but if you're not the lucky owner of a vSphere Enterprise Plus license, Host Profiles won't be available.
An interesting option is using the vMA (Virtual Management Assistant) for a centralized syslog configuration. The vMA is a Linux-based virtual appliance containing some interesting VMware tooling. For example, most of the esxcfg/vicfg commands are in the vMA and we have a remote esxcli environment available! With the introduction of vSphere/ESXi 5, esxcli was changed and improved, and it actually replaced some of the esxcfg/vicfg commands. Don't forget to learn the vMA commands vifp and vifptarget, which help you point the vMA at a specified ESXi server in your datacenter. After you select an ESXi server with vifptarget, you can execute every esxcli command without entering a username and password each time. Visit this article by Rick Vanover for some extra information on vifp and vifptarget.
For the syslog configuration we've got the esxcli system syslog command set available. So let's write a little script that will configure the specified ESXi servers with the correct syslog settings:
#!/bin/bash
# Set the domain name and the syslog host
domain=.domain.local
loghost=ssl://syslogserver.domain.local

for server in hostname1 hostname2 hostname3 hostname4
do
  echo "Configuring: $server$domain"
  # Set the environment (point the vMA at this host)
  source /opt/vmware/vma/bin/vifptarget -s "$server$domain" > /dev/null 2>&1
  # Set the syslog target
  esxcli system syslog config set --loghost="$loghost"
  # Configure the ESXi firewall
  esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
  esxcli network firewall refresh
  # Restart the syslog service
  esxcli system syslog reload
done
This script will configure the syslog server and open the syslog firewall rule for each server listed in the for loop. You can set your own domain name and syslog server; use ssl:// for an SSL connection (port 1514), or udp:// or tcp:// (port 514) for normal syslog traffic.
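To confirm that each host really ended up with the intended, encrypted target, the following added example (not part of the original article) audits the output of `esxcli system syslog config get`. The function names, the "Remote Host:" field label and the sample output are assumptions constructed for illustration; an entry without a scheme is assumed to mean udp.

```shell
#!/bin/bash
# Added example: audit a host's syslog target (hostnames/IPv4 only).

# Print "transport host port" for one loghost entry, using the default ports
# named in the article (ssl 1514, udp/tcp 514). No scheme = udp (assumption).
parse_loghost() {
    local entry="$1" proto rest host port
    case "$entry" in
        *://*) proto=${entry%%://*}; rest=${entry#*://} ;;
        *)     proto=udp; rest=$entry ;;
    esac
    case "$rest" in
        *:*) host=${rest%%:*}; port=${rest##*:} ;;
        *)   host=$rest; port=514
             [ "$proto" = ssl ] && port=1514 ;;
    esac
    echo "$proto $host $port"
}

# Read `esxcli system syslog config get` output on stdin, compare its
# "Remote Host:" field with the expected loghost, and flag cleartext targets.
# Returns 0 = as expected and encrypted, 1 = mismatch or cleartext, 2 = unset.
audit_syslog_config() {
    local expected="$1" remote entry rc=0
    remote=$(sed -n 's/^[[:space:]]*Remote Host:[[:space:]]*//p')
    case "$remote" in
        ''|'<'*) echo "FAIL: no remote loghost configured"; return 2 ;;
    esac
    if [ "$remote" != "$expected" ]; then
        echo "FAIL: loghost is $remote, expected $expected"; rc=1
    fi
    # The setting may hold several comma-separated targets; check each one.
    for entry in $(echo "$remote" | tr ',' ' '); do
        set -- $(parse_loghost "$entry")
        if [ "$1" != ssl ]; then
            echo "WARN: $2 port $3 receives logs over cleartext $1"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $remote"
    return "$rc"
}

# Constructed sample of the command's output, for an offline run.
sample_output() {
    printf '   Log Output: /scratch/log\n   Remote Host: %s\n' "$1"
}

# On the vMA, inside the article's for loop, this would be:
#   esxcli system syslog config get | audit_syslog_config "$loghost"
sample_output 'udp://syslogserver.domain.local' |
    audit_syslog_config 'ssl://syslogserver.domain.local' || true
```

A non-zero return from the audit identifies hosts that are not forwarding, or that still send logs over udp:// or tcp:// in cleartext.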