I installed VMware vRealize Log Insight and configured all ESXi hosts to send logs to it. Automatic configuration failed, and Log Insight suggested configuring the Syslog service manually.
Here are a couple of VMware Knowledge Base articles that will help you:
- Configuring syslog on ESXi 5.x and 6.0 (2003322)
- Incorrect Syslog configuration in the /etc/vmsyslog.conf file causes multiple issues (2016914)
OK, let’s check syslog configuration:
```
Default Network Retry Timeout: 180
Local Log Output: /scratch/log
Local Log Output Is Configured: false
Local Log Output Is Persistent: true
Local Logging Default Rotation Size: 10240
Local Logging Default Rotations: 20
Log To Unique Subdirectory: false
Remote Host: 10.100.20.1
```
Remote Host configuration is incorrect.
Configure Syslog service to send logs to a remote host:
```
~ # esxcli system syslog config set --loghost='udp://10.100.20.1:514,udp://10.100.150.100:514'
Got no data from process /usr/lib/vmware/vmsyslog/bin/esxcfg-syslog --plugin=esxcli --loghost='udp://10.100.20.1:514,udp://10.100.150.100:514'
```
Configuration command failed with “Got no data from process” error message.
Let’s check if the syslog service is running:
```
~ # ps | grep -i syslog
38072906 38072906 vmsyslogd /bin/python
38072907 38072906 vmsyslogd /bin/python
38072908 38072906 vmsyslogd /bin/python
38072909 38072906 vmsyslogd /bin/python
```
…and check the syslog service log:
```
~ # tail /var/log/.vmsyslogd.err
2016-01-04T17:22:02.499Z vmsyslog.loggers.file : ERROR ] Gzip logfile /scratch/log/vmkernel.0.gz failed <type 'exceptions.MemoryError'>
2016-01-04T17:22:04.451Z vmsyslog.loggers.file : ERROR ] Gzip logfile /scratch/log/vmkernel.0.gz failed <type 'exceptions.MemoryError'>
2016-01-04T17:22:06.364Z vmsyslog.loggers.file : ERROR ] Gzip logfile /scratch/log/vmkernel.0.gz failed <type 'exceptions.MemoryError'>
2016-01-04T17:22:08.312Z vmsyslog.loggers.file : ERROR ] Gzip logfile /scratch/log/vmkernel.0.gz failed <type 'exceptions.MemoryError'>
```
There are error messages in the log.
OK, let’s kill syslog processes:
```
~ # kill -9 `ps -Cuv | grep syslog | awk '{print $1}'`
```
…and reconfigure syslog again:
```
~ # esxcli system syslog config set --loghost='udp://10.100.20.1:514,udp://10.100.150.100:514'
```
No error message this time.
Check syslog configuration again:
```
~ # esxcli system syslog config get
Default Network Retry Timeout: 180
Local Log Output: /scratch/log
Local Log Output Is Configured: false
Local Log Output Is Persistent: true
Local Logging Default Rotation Size: 10240
Local Logging Default Rotations: 20
Log To Unique Subdirectory: false
Remote Host: udp://10.100.20.1:514,udp://10.100.150.100:514
```
All good.
Hope this will help.
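The two checks above (is Remote Host what you expect, and is the vmsyslogd error log repeating the same failure) can be scripted when many hosts send to the same collectors. This is an added example, not part of the original post; the function names are hypothetical, and the sample inputs are copied from the outputs shown above, with the expected loghost list taken from the `--loghost` value used in the post.

```python
import re
from collections import Counter

# Sample inputs copied from the outputs shown in this post (not live data).
CONFIG_BEFORE = """\
Default Network Retry Timeout: 180
Local Log Output: /scratch/log
Local Log Output Is Configured: false
Local Log Output Is Persistent: true
Local Logging Default Rotation Size: 10240
Local Logging Default Rotations: 20
Log To Unique Subdirectory: false
Remote Host: 10.100.20.1
"""
ERR_LOG = """\
2016-01-04T17:22:02.499Z vmsyslog.loggers.file : ERROR ] Gzip logfile /scratch/log/vmkernel.0.gz failed <type 'exceptions.MemoryError'>
2016-01-04T17:22:04.451Z vmsyslog.loggers.file : ERROR ] Gzip logfile /scratch/log/vmkernel.0.gz failed <type 'exceptions.MemoryError'>
"""
# Expected collectors: the --loghost value used in the post.
EXPECTED = ["udp://10.100.20.1:514", "udp://10.100.150.100:514"]

# timestamp, logger name, then the message after "ERROR ]"
ERR_RE = re.compile(r"^\S+\s+(\S+)\s*:\s*ERROR\s*\]\s*(.*)$")


def parse_config(text):
    """Turn 'Key: value' lines from `esxcli system syslog config get` into a dict."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {key.strip(): value.strip() for key, value in pairs}


def loghost_drift(config_text, expected):
    """Return (missing, unexpected) Remote Host entries versus the expected list."""
    raw = parse_config(config_text).get("Remote Host", "")
    actual = [h.strip() for h in raw.split(",") if h.strip()]
    missing = [h for h in expected if h not in actual]
    unexpected = [h for h in actual if h not in expected]
    return missing, unexpected


def repeated_errors(log_text, threshold=2):
    """Map (logger, message) to its count for ERROR lines seen `threshold`+ times,
    such as the Gzip MemoryError that repeats in this post."""
    matches = (ERR_RE.match(line) for line in log_text.splitlines())
    counts = Counter(m.groups() for m in matches if m)
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print("loghost drift:", loghost_drift(CONFIG_BEFORE, EXPECTED))
    print("repeated errors:", repeated_errors(ERR_LOG))
```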
Yes, it worked.
Thanks