VMware ESXi Log Source - How to add

Add VMware Host

  1. From the Add New Host page, choose UNIX as the Host Type and add the VMware host as UNIX host.

  2. Configure the syslog in the VMware as per the steps given below.

  3. After the EventLog Analyzer starts receiving the syslogs from the VMware host, edit the VMware host details and make host type as Hypervisor. Follow the steps given below:

    • Click the Edit Host Details icon of VMware host, Edit Host Details page opens up.

    • In that, choose Hypervisor as the Host Type.

    • Click Save Host Details to make this host as VMware host and return to the list of hosts monitored.

Configuring the Syslog Service on VMware

All ESX and ESXi hosts run a syslog service (syslogd), which logs messages from the VMkernel and other system components to a file.

To configure syslog for an ESX host:

Neither vSphere Client nor vicfg-syslog can be used to configure syslog behavior for an ESX host. To configure syslog for an ESX host, you must edit the /etc/syslog.conf file.

To configure syslog for an ESXi host:

On ESXi hosts, you can use the vSphere Client or the vSphere CLI command vicfg-syslog to configure the following options:

  • Log file path: Specifies a datastore path to the file syslogd logs all messages.

  • Remote host: Specifies a remote host to which syslog messages are forwarded. In order to receive the forwarded syslog messages, your remote host must have a syslog service installed.

  • Remote port: Specifies the port used by the remote host to receive syslog messages.

To configure syslog using vSphere CLI command:

For more information on vicfg-syslog, refer the vSphere Command-Line Interface Installation and Reference Guide.

To configure syslog using vSphere Client:

  1. In the vSphere Client inventory, click on the host.

  2. Click the Configuration tab.

  3. Click Advanced Settings under Software.

  4. Select Syslog in the tree control.

  5. In the Syslog.Local.DatastorePath text box, enter the datastore path to the file where syslog will log messages. If no path is specified, the default path is /var/log/messages.

The datastore path format is [<datastorename>] </path/to/file> where the path is relative to the root of the volume backing the datastore.

Example:The datastore path [storage1] var/log/messages maps to the path / vmfs/volumes/storage1/var/log/messages.

  1. In the Syslog.Remote.Hostname text box, enter the name of the remote host where syslog data will be forwarded. If no value is specified, no data is forwarded.

  2. In the Syslog.Remote.Port text box, enter the port on the remote host where syslog data will be forwarded. By default Syslog.Remote.Port is set to 514, the default UDP port used by syslog. Changes to Syslog.Remote.Port only take effect if Syslog.Remote.Hostname is configured.

  3. Click OK.