How to set up syslog to remotely monitor a VMware ESX Host server

Here’s a quick how-to I did on setting up syslog to remotely monitor a VMware ESX Host.

You’ll obviously require an operational syslog server. I use Kiwi Syslog, a freeware syslog daemon, for this purpose.

Set up SYSLOG to monitor ESX Host remotely
The following should be configured on any new ESX Hosts that are installed. It allows syslog messages to be forwarded to a remote syslog server such as Kiwi Syslog.

Log in to the ESX host via PuTTY as root, or alternatively do this from the ESX server console. (PS: if you are logging into a new ESX Host, you will need to have allowed root access to the ESX server via SSH – I will do a how-to for this soon too.)

nano /etc/syslog.conf

Go to the bottom line (blank) of the syslog.conf file and add this to point to your syslog server:

*.* @x.x.x.x

(Where x.x.x.x is the IP address or hostname of your syslog daemon server).

Press Ctrl-X to exit, and press “Y” to save changes, then Enter to commit your choice.

Restart syslog:

service syslog restart

If the host is a new installation, we will need to open the ESX firewall to allow syslog traffic out (UDP port 514). Run the following command to open it:

esxcfg-firewall -o 514,udp,out,syslog

To reload the firewall configuration and apply changes:

esxcfg-firewall -l

Restart the syslog service once again with:

service syslog restart

If you want to send a test message to the syslog server to check that the ESX host is actually forwarding its logs, use the following command:

/usr/bin/logger -p local6.notice -t TEST -- "Testing SYSLOG"

Go and check the Syslog log file on your syslog server and you should see the log that has come through.
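To confirm the test message independently of the syslog server's own viewer, the following added example (not part of the original how-to) decodes a forwarded datagram and checks that it is the local6.notice message tagged TEST from the expected host. The function names, the sample datagram and the host name esx01 are assumptions; binding UDP port 514 requires that no other syslog daemon is holding it on that machine.

```python
import re
import socket

# RFC 3164 facility and severity names, indexed by their numeric codes.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# <PRI>, optional "Mmm dd hh:mm:ss " stamp, optional hostname, then "tag[pid]: msg".
_MSG = re.compile(r"^<(\d{1,3})>(?:[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )?"
                  r"(?:([^\s:]+) )?([^\s:\[]+)(?:\[\d+\])?: ?(.*)$", re.S)

# Constructed sample of how the logger test may arrive (not captured traffic).
SAMPLE = b"<181>Jan  5 10:00:00 esx01 TEST: Testing SYSLOG\n"

def decode(datagram):
    """Split one syslog datagram into facility, severity, host, tag and message."""
    text = datagram.decode("utf-8", "replace").rstrip("\r\n\x00")
    m = _MSG.match(text)
    if not m or int(m.group(1)) > 191:          # 191 = local7.debug, the top PRI
        raise ValueError("not a BSD syslog message: %r" % text[:40])
    pri = int(m.group(1))                       # PRI = facility * 8 + severity
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "host": m.group(2), "tag": m.group(3), "msg": m.group(4)}

def is_test_message(datagram, sender_ip, esx_ip):
    """True only for the local6.notice/TEST message sent from the expected host."""
    if sender_ip != esx_ip:     # UDP syslog is unauthenticated; ignore other senders
        return False
    try:
        rec = decode(datagram)
    except ValueError:
        return False
    return (rec["facility"], rec["severity"], rec["tag"]) == ("local6", "notice", "TEST")

def wait_for_test(esx_ip, bind="0.0.0.0", port=514, timeout=60):
    """Block until the test arrives; raises socket.timeout after `timeout` idle seconds."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind, port))
        s.settimeout(timeout)
        while True:
            data, (ip, _) = s.recvfrom(4096)
            if is_test_message(data, ip, esx_ip):
                return decode(data)

if __name__ == "__main__":
    print(decode(SAMPLE))
```

The source-address comparison only filters out stray senders; a UDP source address can be forged, so it is a sanity check rather than authentication.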

That is all there is to it! Please drop a comment or leave some feedback if this has helped you out in any way! 🙂

4 thoughts on “How to set up syslog to remotely monitor a VMware ESX Host server”

  1. Thanks dude, well done.

    I saw SNMP traps in Kiwi as well as in the ESXi host; hope we need to do a similar setup for enabling SNMP

  2. Hi Kiran,

    As far as I am aware (I have not tried using SNMP traps with ESX at all), SNMP traps use a different port number to Syslog. I think it is 161 or 162. Perhaps you need to open the firewall on one of these port numbers?

    Sean
