Configuring syslog for esxi hosts

After installation of vmware syslog server you can point your esx/i boxes to log directly to that server. But in the ‘data’ directory from syslog collector you will see instead of hostnames, ips of your host systems. I wanted to show how to create easier to read version of this directory.
By the way if you want to configure multiple hosts to log to syslog server you can use below line:

get-cluster 'your_cluster'|get-vmhost| Set-VMHostAdvancedConfiguration -NameValue @{'Config.HostAgent.log.level'='info';'Vpx.Vpxa.config.log.level'='info';''='udp://syslogip:514'}

or to change settings for all hosts within the VC.

get-vmhost| Set-VMHostAdvancedConfiguration -NameValue @{'Config.HostAgent.log.level'='info';'Vpx.Vpxa.config.log.level'='info';''='udp://syslogip:514'}

You may want not to override your settings for logging level, in that case delete those settings with logging level and leave only the logHost.

Also you probably want to change firewall settings in order to allow this traffic:

get-cluster 'yourcluster'|get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq 'syslog'} | Set-VMHostFirewallException -Enabled:$true

or to change it for all hosts in VC

get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq 'syslog'} | Set-VMHostFirewallException -Enabled:$true

And the script:

function createshortcut{
param ( [string]$linkloc, [string]$DestPath )

$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut($linkloc)
$Shortcut.TargetPath = $DestPath

$collectordir="d:\Syslog Collector\data\"
foreach($dir in Get-ChildItem $collectordir|where { $_.PSIsContainer } ){
createshortcut "${collectordirwithnames}${vmhostname}.lnk" $dir.fullname

So, define your directory where your logs are written in $collectordir, then define second directory where you would like to keep the ‘human readable’ shortcuts to those directories. You will have to create this directory manually first. Then What this script will do, it will go to the data directory, read all directories(which are ips of your esx/i boxes), assuming they are all registered within dns, he will get their hostnames, and create links to those directories. Links names instead of ips, will consist of hosts hostnames. If you have 2-3 esx you probably know their ips 😉 But if you have 100..1000 or 10000 😉 Then it’s bit harder to recognize which is which. I hope that will help 😉

2 thoughts on “Configuring syslog for esxi hosts

  1. Thanks a lot for the script!
    I think that you make a litle mistake.. here:
    get-cluster ‘yourcluster’|get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq ‘syslog’} | Get-VMHostFirewallException -Enabled:$true
    the correct i think is:
    get-cluster ‘yourcluster’|get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq ‘syslog’} | Set-VMHostFirewallException -Enabled $true -Confirm:$false

    • Hi Agiuss, thanks for correction, of course itt’s set-vmhostfirewallexception . I have updated the post. as for -Enabled:$true , you can type it with : -Enabled:$true or -Enabled $true , both will work. as for -Confirm:$false i rarely put in my code this on website due to the fact that the person who will type it in his env, need to be sure that he wants to apply it everywhere without being asked. Once again, thanks for sharing that typo !

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s