Send ESXi Host Logs To Remote Syslog Server

On the ESXi host, navigate to Host -> Manage -> System -> Advanced Settings, search for Syslog.global.logHost, and click Edit. Enter the address of the syslog server (in my case, a Graylog VM):

udp://192.168.139.11:8515

Enable SSH on the host and log in. Navigate to /etc/vmware/firewall, create a file (name.xml), and add the following, editing as needed:

<ConfigRoot>
  <service id="0000">
    <id>graylog</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>udp</protocol>
      <porttype>dst</porttype>
      <port>8515</port>
    </rule>
    <enabled>true</enabled>
    <required>true</required>
  </service>
</ConfigRoot>

Save the file and reload the firewall by issuing:

esxcli network firewall unload

esxcli network firewall load

You should now start seeing logs in your syslog server. Be warned that the custom firewall rule is not persistent across reboots.
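
An added example (not from the original post): a Python check that every target in Syslog.global.logHost is covered by an enabled outbound rule in the firewall file, since a protocol or port mismatch between the two leaves the traffic blocked. It assumes comma-separated targets, that a bare host means UDP port 514, and that ssl:// counts as TCP at the firewall; the function names are illustrative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input: the values shown on this page.
LOGHOST = "udp://192.168.139.11:8515"
FIREWALL_XML = """<ConfigRoot>
  <service id="0000">
    <id>graylog</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>udp</protocol>
      <porttype>dst</porttype>
      <port>8515</port>
    </rule>
    <enabled>true</enabled>
    <required>true</required>
  </service>
</ConfigRoot>"""

def parse_loghost(value):
    """Return (protocol, host, port) for each comma-separated target."""
    targets = []
    for item in filter(None, (s.strip() for s in value.split(","))):
        # Assumption: bare host means udp, missing port means 514, ssl:// rides on tcp.
        url = urlsplit(item if "://" in item else "udp://" + item)
        proto = "tcp" if url.scheme in ("tcp", "ssl") else "udp"
        targets.append((proto, url.hostname, url.port or 514))
    return targets

def allowed_flows(xml_text):
    """Return {(protocol, port)} opened by enabled outbound dst rules."""
    flows = set()
    for svc in ET.fromstring(xml_text).iter("service"):
        if (svc.findtext("enabled") or "").strip() != "true":
            continue  # a disabled service opens nothing
        for rule in svc.iter("rule"):
            get = lambda tag: (rule.findtext(tag) or "").strip()
            if get("direction") == "outbound" and get("porttype") == "dst" and get("port").isdigit():
                flows.add((get("protocol"), int(get("port"))))
    return flows

def uncovered_targets(loghost, xml_text):
    """Syslog targets that no enabled firewall rule would let out."""
    flows = allowed_flows(xml_text)
    return [t for t in parse_loghost(loghost) if (t[0], t[2]) not in flows]

if __name__ == "__main__":
    for proto, host, port in uncovered_targets(LOGHOST, FIREWALL_XML):
        print(f"blocked: {proto}://{host}:{port} has no matching outbound rule")
```

With the page's values nothing is reported; changing either the port in the rule or the scheme in the logHost value makes the target show up as blocked.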

