Configuring syslog for esxi hosts

by Grzegorz Kulikowski

After installation of vmware syslog server you can point your esx/i boxes to log directly to that server. But in the ‘data’ directory from syslog collector you will see instead of hostnames, ips of your host systems. I wanted to show how to create easier to read version of this directory.
By the way if you want to configure multiple hosts to log to syslog server you can use below line:
[sourcecode language=”powershell”]
get-cluster ‘your_cluster’|get-vmhost| Set-VMHostAdvancedConfiguration -NameValue @{‘Config.HostAgent.log.level’=’info’;’Vpx.Vpxa.config.log.level’=’info’;’Syslog.global.logHost’=’udp://syslogip:514′}
[/sourcecode]
or to change settings for all hosts within the VC.
[sourcecode language=”powershell”]
get-vmhost| Set-VMHostAdvancedConfiguration -NameValue @{‘Config.HostAgent.log.level’=’info’;’Vpx.Vpxa.config.log.level’=’info’;’Syslog.global.logHost’=’udp://syslogip:514′}
[/sourcecode]

You may want not to override your settings for logging level, in that case delete those settings with logging level and leave only the logHost.

Also you probably want to change firewall settings in order to allow this traffic:
[sourcecode language=”powershell”]
get-cluster ‘yourcluster’|get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq ‘syslog’} | Set-VMHostFirewallException -Enabled:$true
[/sourcecode]
or to change it for all hosts in VC
[sourcecode language=”powershell”]
get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq ‘syslog’} | Set-VMHostFirewallException -Enabled:$true
[/sourcecode]
And the script:
[sourcecode language=”powershell”]
function createshortcut{
param ( [string]$linkloc, [string]$DestPath )

$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut($linkloc)
$Shortcut.TargetPath = $DestPath
$Shortcut.Save()
}

$collectordir="d:\Syslog Collector\data\"
$collectordirwithnames="d:\HostLogs\"
foreach($dir in Get-ChildItem $collectordir|where { $_.PSIsContainer } ){
$vmhostname=[System.Net.Dns]::GetHostByAddress($dir.name).Hostname
createshortcut "${collectordirwithnames}${vmhostname}.lnk" $dir.fullname
}
[/sourcecode]
So, define your directory where your logs are written in $collectordir, then define second directory where you would like to keep the ‘human readable’ shortcuts to those directories. You will have to create this directory manually first. Then What this script will do, it will go to the data directory, read all directories(which are ips of your esx/i boxes), assuming they are all registered within dns, he will get their hostnames, and create links to those directories. Links names instead of ips, will consist of hosts hostnames. If you have 2-3 esx you probably know their ips 😉 But if you have 100..1000 or 10000 😉 Then it’s bit harder to recognize which is which. I hope that will help 😉

You may also like

2 comments

agiuss January 29, 2013 - 3:52 pm

Thanks a lot for the script!
I think that you make a litle mistake.. here:
get-cluster ‘yourcluster’|get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq ‘syslog’} | Get-VMHostFirewallException -Enabled:$true
the correct i think is:
get-cluster ‘yourcluster’|get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq ‘syslog’} | Set-VMHostFirewallException -Enabled $true -Confirm:$false

Reply
psvmware January 29, 2013 - 4:54 pm

Hi Agiuss, thanks for correction, of course itt’s set-vmhostfirewallexception . I have updated the post. as for -Enabled:$true , you can type it with : -Enabled:$true or -Enabled $true , both will work. as for -Confirm:$false i rarely put in my code this on website due to the fact that the person who will type it in his env, need to be sure that he wants to apply it everywhere without being asked. Once again, thanks for sharing that typo !

Reply

Leave a Reply

Chinese (Simplified)EnglishFrenchGermanHindiPolishSpanish
Streaming live on Twitch right now.
CURRENTLY OFFLINE