vCenter to syslog server

Requirement 1: Have an external syslog server setup.  SolarWinds has an excellent syslog server call Kiwi.

There are two ways to syslog VMware to external servers.

1. Setup syslog on every ESXi host
2. Setup the vCenter syslog server

Enable syslog on the ESXi hosts

In vSphere client – click on an ESXi host and select Configuration tab -> Advanced Settings

From Advanced Settings window – in Syslog -> Syslog.Remote.Hostname, enter the DNS name or IP address of your syslog Server and click OK

Verify messages are being received and if this is okay then enable for all your ESXi hosts

Install the vCenter syslog server (Pictures from bouche.net)

This installation is pretty straight forward:

The setup routine will open any Windows Firewall ports.  The top install path is for the syslog applicaiton.  The bottom Repository is for the syslog.  You need to make sure there is plenty of room within this folder/drive.

Choose the VMware vCenter Server installation:

Provide the location of the vCenter Server as well as credentials to establish the connection.

 

The Syslog server has the ability to accept connections on three different ports:

1. UDP 514
2. TCP 514
3. Encrypted SSL 1514

Once the installation is finished, it’s ready to accept incoming Syslog connections from hosts.  You’ll notice a few new items in the vSphere Client.  First is the VMware Syslog Collector Configuration plug-in:

Next is the Network Syslog Collector applet:

 

Now you need to configure the host to send its logs to the vCenter integrated Syslog server.

In the vCenter inventory, select the ESXi 5.0 host, navigate to the Configuration tab, then Advanced Settings under Software.  Enter the Syslog server address in the field for Syslog.global.logHost.  The format is ://:port.  The field allows multiple Syslog servers separated by commas.  You can have multiple entries, but there needs to be a space after each comma:

 

You are done.  Pretty simple and straight forward.