Thursday, February 27, 2014

Configuring syslog to a remote syslog server in ESX/ESXi


For ESXi 5.0 servers

1) Log in as root on the ESXi server.

2) To get the current configuration, run the command

esxcli system syslog config get

3) To set a new syslog configuration, run the command

esxcli system syslog config set --logdir=/path/to/vmfs/directory/ --loghost=RemoteHostname --logdir-unique=true|false --default-rotate=NNN --default-size=NNN


For example, to configure remote syslog using TCP on port 514:


esxcli system syslog config set --loghost='tcp://10.11.12.13:514'

4) To reload the syslog service, run the command

esxcli system syslog reload


For ESXi 4.0 servers

1) Log in as root on the ESXi server.

2) Execute the command

# ps | grep syslog

If there is no output, syslog has stopped.

3) To restart syslog, just type the command


# syslogd

4) Again, check the status of syslogd using the command

# ps | grep syslog

The output should look something like this:

<process number> busybox   syslogd

(OR)

1) To reload the syslog services, execute the command below:

kill -HUP $(cat /var/run/syslogd.pid)

2) If no process is found from the above command, execute the below command:

syslogd


For ESX 3.5

1) Log in as root on the ESX server.

2) Open the /etc/syslog.conf file using a text editor.

3) Add this entry at the end of the file:

*.*     @IP_address_of_syslog-server

For example:

*.*     @10.0.5.25

Note: If you are changing from the default syslog port 514 to a different port, the entry should appear similar to:

*.*     @10.0.5.25:Port_Number

For example, if you are changing the port to 520, the entry should be:

*.*     @10.0.5.25:520

4) Restart the syslog service:

service syslog restart

5) Run this command to check if the ESX firewall has been opened for the syslog traffic:

esxcfg-firewall -q|grep syslog

6) If the firewall is open, you see an output similar to:

syslog              : port 514 udp.out

If the firewall is closed, you do not see any output.

7) To open the firewall on the ESX host for syslog traffic, run this command:

esxcfg-firewall -o 514,udp,out,syslog && esxcfg-firewall -l 
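Steps 2 and 3 of the ESX 3.5 procedure as a re-runnable shell function, added here as an example and not part of the original post: it validates the host and port, keeps a backup, and replaces an existing catch-all forward line instead of appending a second one. The function names and the .bak backup suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): steps 2-3 for ESX 3.5.
# Function names and the .bak suffix are assumptions made for illustration.

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_host HOST: allows only hostname/IPv4 characters. Rejecting spaces
# and newlines keeps a bad value from adding extra lines to syslog.conf.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;;
    esac
    return 0
}

# set_syslog_forward CONF HOST [PORT]
# Leaves exactly one "*.*     @HOST[:PORT]" line in CONF; backup in CONF.bak.
set_syslog_forward() {
    conf=$1 host=$2 port=${3:-514}
    valid_host "$host" || { echo "bad host: $host" >&2; return 2; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # As in the post, the port is written only when it is not the default 514.
    if [ "$port" = 514 ]; then target="@$host"; else target="@$host:$port"; fi

    cp -p "$conf" "$conf.bak" || return 1
    tmp="$conf.tmp.$$"
    # Drop any earlier "*.* @..." entry so reruns do not forward twice,
    # keep every other line as it was, then append the new entry.
    sed '/^[[:space:]]*\*\.\*[[:space:]][[:space:]]*@/d' "$conf.bak" > "$tmp" || return 1
    printf '*.*     %s\n' "$target" >> "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"   # cat keeps CONF's owner and mode
}

# Usage on the host, before continuing with step 4:
#   set_syslog_forward /etc/syslog.conf 10.0.5.25 520 && service syslog restart
```

If a non-default port is used, the firewall rule in step 7 has to name that port in place of 514.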


For ESX servers

1) Log in as root on the ESXi server.

2) To start the syslog service

esxcli system syslog start

3) To check the status 

esxcli system syslog status

4) To restart the service

esxcli system syslog restart

5) To modify syslog config

vi /etc/syslog.conf

6) Check that the syslog firewall port is open

esxcfg-firewall -q

7) To open the syslog firewall port UDP 514

esxcfg-firewall -o 514,udp,out,syslog

8) Send a test log message to the remote syslog server

logger testlogmessage123
