Configuring syslog for ESXi hosts

After installing the VMware syslog server you can point your ESX/ESXi boxes to log directly to that server. In the ‘data’ directory of the syslog collector, however, you will see the IPs of your host systems instead of their hostnames. I wanted to show how to create an easier-to-read version of this directory.
By the way, if you want to configure multiple hosts to log to the syslog server, you can use the line below:

get-cluster 'your_cluster'|get-vmhost| Set-VMHostAdvancedConfiguration -NameValue @{'Config.HostAgent.log.level'='info';'Vpx.Vpxa.config.log.level'='info';'Syslog.global.logHost'='udp://syslogip:514'}

or, to change the settings for all hosts within the VC:

get-vmhost| Set-VMHostAdvancedConfiguration -NameValue @{'Config.HostAgent.log.level'='info';'Vpx.Vpxa.config.log.level'='info';'Syslog.global.logHost'='udp://syslogip:514'}

If you do not want to override your logging-level settings, delete the two log-level entries and leave only the logHost entry.

You will probably also want to change the firewall settings to allow this traffic:

get-cluster 'yourcluster'|get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq 'syslog'} | Set-VMHostFirewallException -Enabled:$true

or, to change it for all hosts in the VC:

get-vmhost| Get-VMHostFirewallException |?{$_.Name -eq 'syslog'} | Set-VMHostFirewallException -Enabled:$true

And the script:

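function createshortcut{
param ( [string]$linkloc, [string]$DestPath )

# Create a Windows .lnk shortcut at $linkloc pointing to $DestPath
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut($linkloc)
$Shortcut.TargetPath = $DestPath
$Shortcut.Save()
}

$collectordir="d:\Syslog Collector\data\"
# Directory for the readable shortcuts (example path, create it manually first)
$collectordirwithnames="d:\Syslog Collector\names\"
foreach($dir in Get-ChildItem $collectordir|where { $_.PSIsContainer } ){
# Directory names are the hosts' IPs; resolve each one to its hostname via DNS
$vmhostname = [System.Net.Dns]::GetHostEntry($dir.Name).HostName
createshortcut "${collectordirwithnames}${vmhostname}.lnk" $dir.fullname
}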

So, define the directory where your logs are written in $collectordir, then define a second directory where you would like to keep the ‘human readable’ shortcuts to those directories. You will have to create this second directory manually first. The script then goes to the data directory, reads all the directories (which are named after the IPs of your ESX/ESXi boxes), resolves their hostnames (assuming they are all registered in DNS), and creates links to those directories. The link names consist of the hosts' hostnames instead of their IPs. If you have 2-3 ESX hosts you probably know their IPs 😉 But if you have 100..1000 or 10000 😉 then it’s a bit harder to recognize which is which. I hope that will help 😉

Change the syslog server for an ESXi 5 box using PowerCLI

Let’s say that we would like to change the syslog server to which the ESXi 5 boxes in a particular cluster send their logs.

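# Build the option to change: the remote syslog target
$changedValue = New-Object VMware.Vim.OptionValue[] (1)
$changedValue[0] = New-Object VMware.Vim.OptionValue
$changedValue[0].key = "Syslog.global.logHost"
$changedValue[0].value = "tcp://your-syslog-ip:514"

# Apply it to every host in the cluster through each host's OptionManager
Get-View -ViewType HostSystem -Searchroot (Get-Cluster "your-cluster-name").Id | %{
  $optMgr = Get-View $_.ConfigManager.AdvancedOption
  $optMgr.UpdateOptions($changedValue)
}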

Now check that the values have been updated:

get-view -viewtype HostSystem -SearchRoot (get-cluster "our-cluster").id | % { get-view $_.ConfigManager.AdvancedOption | select -ExpandProperty Setting |?{$_.Key -like "Syslog.global.logHost"} }

Many thanks to LucD for pointing out a better way to update this value!
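
Because the commands above push one logHost string to every host in a cluster, a mistyped scheme or port silently stops log forwarding everywhere at once, so it is worth checking the string first. The following PowerShell is an added example, not part of the original post: the function name Test-SyslogLogHost and the sample values are hypothetical, and it assumes the protocol://host[:port] form of Syslog.global.logHost with udp, tcp or ssl and comma-separated targets.

```powershell
# Added example (not from the original post): check a logHost value offline
# before pushing it to many hosts. Function name and samples are hypothetical.
function Test-SyslogLogHost {
    param([Parameter(Mandatory = $true)][string]$Value)

    # Each comma-separated target must look like proto://host[:port]
    $pattern = '^(?<proto>udp|tcp|ssl)://(?<name>\[[0-9A-Fa-f:]+\]|[A-Za-z0-9.-]+)(:(?<port>\d{1,5}))?$'
    $notes = @{
        udp = 'cleartext; datagrams can be lost without notice'
        tcp = 'cleartext'
        ssl = 'encrypted in transit'
    }

    foreach ($target in $Value.Split(',')) {
        $t = $target.Trim()
        $result = [pscustomobject]@{
            Target = $t; Valid = $false; Protocol = $null
            Server = $null; Port = $null; Note = $null
        }
        if ($t -match $pattern) {
            $port = $Matches['port']   # $null when no port was given
            if ($port -and ([int]$port -lt 1 -or [int]$port -gt 65535)) {
                $result.Note = 'port out of range (1-65535)'
            }
            else {
                $result.Valid    = $true
                $result.Protocol = $Matches['proto']
                $result.Server   = $Matches['name']
                $result.Port     = $port
                $result.Note     = $notes[$Matches['proto']]
            }
        }
        else {
            $result.Note = 'malformed: expected udp://, tcp:// or ssl:// then host[:port]'
        }
        $result
    }
}

# Constructed sample values (placeholders, not real servers)
$samples = 'udp://syslogip:514',
           'tcp:/your-syslog-ip:514',                              # single slash
           'ssl://syslog.example.test:1514,udp://192.0.2.10:514',  # two targets
           'tcp://syslog.example.test:70000'                       # bad port

$samples | ForEach-Object { Test-SyslogLogHost -Value $_ } |
    Format-Table Target, Valid, Protocol, Server, Port, Note -AutoSize
```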