Configuring ESXi Syslog Services
All ESXi hosts run a Syslog service, which logs messages from the VMkernel and other system components to local files or to a remote host. You can use the vSphere Client or the esxcli system syslog command to configure the following parameters of the syslog service.
Remote host and port. Remote host to which Syslog messages are forwarded and port on which the remote host receives Syslog messages. The remote host must have a log listener service installed and correctly configured to receive the forwarded syslog messages. See the documentation for the syslog service installed on the remote host for information on configuration.
Transport protocol. Logs can be sent by using UDP (default), TCP or SSL transports.
Local logging directory. Directory where local copies of the logs are stored. The directory can be located on mounted NFS or VMFS volumes. Only the /scratch directory on the local file system is persistent across reboots.
Unique directory name prefix. Setting this option to true creates a subdirectory with the name of ESXi host under the specified logging directory. This method is especially useful if the same NFS directory is used by multiple ESXi hosts.
Log rotation policies. Sets maximum log size and the number of archives to keep. Policies can be specified both globally, and for individual subloggers. For example, you can set a larger size limit for the vmkernel log.
Important The esxcli system syslog command is the only supported command for changing ESXi 5.0 logging configuration. The vicfg-syslog command and editing configuration files is not supported for ESXi 5.0 and can result in errors.
After making configuration changes, restart the syslog service (vmsyslogd) by running esxcli system syslog reload.
The esxcli system syslog command allows you to configure the logging behavior of your ESXi system. With vSphere 5.0, you can manage the top-level logger and subloggers. The command has the following options.
--logdir=<path> – Save logs to a given path.
--loghost=<host> – Send logs to a given host. See esxcli system syslog Examples.
--logdir-unique=<true|false> – Specify whether the log should go to a unique subdirectory of the directory specified in logdir.
--default-rotate=<int> – Default number of log rotations to keep.
--default-size=<int> – Size before rotating logs, in KB.
--id=<str> – ID of the logger to configure (required).
--reset=<str> – Reset values to default.
--rotate=<long> – Number of rotated logs to keep for a specific logger (requires --id).
--size=<long> – Size of logs before rotation for a specific logger, in KB (requires --id).
esxcli system syslog Examples
The following workflow illustrates how you might use esxcli system syslog for log configuration. Specify one of the options listed in Connection Options in place of <conn_options>.
esxcli <conn_options> system syslog config get
Default Rotation Size: 1024
Default Rotations: 8
Log Output: /scratch/log
Logto Unique Subdirectory: false
Remote Host: <none>
esxcli <conn_options> system syslog config set --default-rotate=20
esxcli <conn_options> system syslog config logger --id=vmkernel --size=2048 --rotate=10
Send logs to remote host The logs will use the default transport (UDP) and port (514).
esxcli system syslog config set --loghost=''
Save the local copy of logs to /scratch/mylogs and send another copy to the remote host.
esxcli <conn_options> system syslog config set --loghost='tcp://' --logdir='/scratch/mylogs'
You set the directory on the remote host by configuring the client running on that host. You can use the vSphere Client to redirect system logs to a remote host by changing the Syslog.Remote.Hostname advanced setting.
esxcli <conn_options> system syslog mark --message="this is a message!"
esxcli <conn_options> system syslog reload