Configuring remote logging
For compliance and security reasons, administrators may need to redirect ESXi logs to a remote syslog server.
How to do it...
This configuration is done by going to Configuration | Advanced Settings | Syslog and changing the variable Syslog.global.logHost to <protocol>://<syslog host>:<port> as shown in the following screenshot:
From Web Client, perform the following steps:
- Go to Manage | Settings | Advanced System Settings.
- Select the Syslog.global.logHost option in the list.
- Click on the Edit button above the list.
- Adjust the value of the Syslog.global.logHost option.
- Click on OK.
Note
In most cases, syslog uses UDP and that's why in case of high logging volume or high network utilization, some log entries may be lost. Consider this when planning the logging infrastructure.
You can configure the syslog and datastore logging mentioned in storing host logs on a shared datastore at the same time for each host.
Also, administrators may need to configure the ESXi firewall to allow outbound syslog traffic. This is done by going to Configuration | Security Profile | Firewall and performing the following steps:
- Click on Properties next to the Firewall section.
- Make sure syslog is chosen.
- Click on OK.
Alternatively, from Web Client, perform the following steps:
- Select a host.
- Go to Manage | Settings | Security Profile.
- Click on the Edit button next to the Firewall section.
- Select syslog in the list.
- Click on OK.
Once this configuration is completed the remote syslog server will start receiving logging data.
