You can set up syslog by using the esxcli utility to forward log events to Log Insight.

You can run the esxcli command in the console of an ESXi host, in the vSphere CLI, or in the vSphere Management Assistant.

Note

If you already configured an ESXi host to forward log events to Log Insight by following the Configure an ESXi Host to Forward Log Events to Log Insight procedure, you can ignore the manual configuration procedure.

If you want to configure an ESXi host version 5.x, read and understand the information in the VMware knowledge base article Configuring syslog on ESXi 5.x (KB 2003322).

If you want to configure an ESXi host version 4.x, read and understand the information in the VMware knowledge base article Enabling syslog on ESXi 3.5 and 4.x (KB 1016621).

Verify that you have user credentials with enough privileges to configure syslog on ESXi hosts:

- Host.Configuration.Advanced settings
- Host.Configuration.Security profile and firewall

Note

You must configure the permission on the top-level folder within the vCenter Server inventory, and verify that the Propagate to children check box is selected.

1. Open an ESXi Shell console session where the esxcli command is available.

For example, you can use vMA or open the session directly on the ESXi host.

2. To view the current configuration options on the host, run the following command.

esxcli system syslog config get

3. To modify a host configuration, run the following command to specify the options to change.

esxcli system syslog config set --loghost=tcp|udp|ssl://log_insight-host:514

Note

You must use udp or tcp, but not both.

For example, the following command configures remote syslog using udp on port 514.

esxcli system syslog config set --loghost=udp://10.11.12.13:514

To configure your ESXi host to forward logs to multiple endpoints, you can list the endpoints, separated by commas, in the command.

esxcli system syslog config set --loghost=udp://10.11.12.13:514,tcp://192.168.100.101:514

4. To ensure that the ESXi firewall is configured to allow syslog traffic to leave the host, run the following commands.

esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
esxcli network firewall refresh

5. Load the new configuration by running the esxcli system syslog reload command.

Note

If you do not run this command, the configuration change does not take effect.
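
The following script is an added example, not part of the original VMware procedure: it checks a --loghost value against the protocol://host:port form used in step 3, warns about udp and tcp endpoints (which carry log data unencrypted, unlike ssl), and prints the commands from steps 3 to 5 only when every endpoint is well formed. The function names check_endpoint, check_loghost and print_plan are hypothetical, and the host check assumes host names or IPv4 addresses only.

```shell
#!/bin/sh
# Added example, not VMware code. Function names are hypothetical.
# Limitation (assumption): hosts are names or IPv4 addresses, no IPv6 literals.

# check_endpoint PROTO://HOST:PORT -> 0 if well formed, non-zero otherwise
check_endpoint() {
    case "$1" in
        udp://*|tcp://*|ssl://*) ;;
        *) return 1 ;;
    esac
    rest=${1#*://}; host=${rest%:*}; port=${rest##*:}
    [ -n "$host" ] && [ "$host" != "$rest" ] || return 1
    case "$host" in *[!A-Za-z0-9._-]*) return 1 ;; esac
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# check_loghost "EP1,EP2,..." -> 0 only if every endpoint is well formed.
# Warns on stderr for udp:// and tcp:// endpoints, which are not encrypted.
check_loghost() {
    case "$1" in ''|,*|*,|*,,*) return 1 ;; esac
    old_ifs=$IFS; IFS=,; set -f
    set -- $1
    set +f; IFS=$old_ifs
    for ep in "$@"; do
        check_endpoint "$ep" || { echo "invalid endpoint: $ep" >&2; return 1; }
        case "$ep" in
            ssl://*) ;;
            *) echo "warning: $ep sends logs in cleartext" >&2 ;;
        esac
    done
}

# print_plan LOGHOST -> prints the commands of steps 3 to 5, or returns 1
print_plan() {
    check_loghost "$1" || return 1
    printf '%s\n' \
        "esxcli system syslog config set --loghost=$1" \
        "esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true" \
        "esxcli network firewall refresh" \
        "esxcli system syslog reload"
}

# Endpoints taken from the example on this page.
print_plan "udp://10.11.12.13:514,tcp://192.168.100.101:514"
```

The syntax line from step 3 is rejected if it is passed unchanged, because tcp|udp|ssl is a choice of one protocol rather than a literal value.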