Installing a VMware ESXi Syslog Collector
The VMware Syslog Collector provides an unified architecture for system logging, enables network logging & logs from multiple VMware vSphere hosts to be combined. There are two server types for VMware Syslog Collector "Standalone Installation" & "VMware vCenter Server Installation". I am going to cover "VMware vCenter Server Installation", its easy & staright forward. How to Install VMware vCenter Server 5.0 Step by Step
You will find VMware Syslog Collector installables under VMware vCenter Server ISO/DVD. Insert VMware vCenter DVD & launch the VMware Syslog Collector setup.
Click "OK" to continue,
Click "Next" to proceed,
Accept VMware End-User Patent Agreement to continue,
Accept VMware End User License Agreement & Click Next.
Select Destination folder to install VMware Syslog Collector. Set "size of log file before rotation" & "log rotation to keep", In my case its default.
Select setup type as "VMware vCenter Server installation" & Click Next.
Enter your VMware vCenter Server Details such as IP address & Login Credentials,
Keep the default vSphere Syslog Collector Port & Continue,
Click Next,
Click "Install" to start installation,
Click finish to complete the installation.
Now your VMware Syslog Collector installation is finished & it’s ready to accept incoming Syslog connections from Vmware vSphere hosts. Now need to enable Syslog Collector plugin. Go to "Plugins" tab & enable syslog collector plugin as shown below.
Now open VMware Network Syslog Collector as shown below,
Here you will find all your Syslog server Ports, Host details,
Now I will configure host to send logs to the vCenter integrated Vmware Syslog server. Login to vCenter Server via VI Client. In the inventory select the ESXi 5.0 host & under Software navigate to the Configuration->Advanced Settings. Enter the Syslog server address in the field for Syslog.global.logHost.
My Syslog.global.loghost is as shown below (there is a space after each comma)
udp://192.168.16.150:514, 192.168.16.150:514, ssl://192.168.16.150:1514
Now I will ensure Syslog Server ports are opened on the ESXi 5.0 firewall. If the Syslog ports are blocked logs won’t make it to the Syslog server. Under Software, Navigate to Configuration->Security Profile->Firewall as shown below,
Tick the "Syslog" lable & click on "OK" to open the Syslog server ports.
On VMware vCenter Server you will see a folder for each host for logs,