Forwarding ESXi logs

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
vmesquita

Forwarding ESXi logs

Post by vmesquita »

We are trying to set up a VMware ESXi Server to forward logs. The interface options don't match the ones in the tutorial:
http://assets.nagios.com/downloads/nagi ... Server.pdf

Unfortunately the tutorial doesn't specify which version was used. We have ESXi 4.1.

I was able to locate the option regarding the host for the logs to be forwarded; however, the security options don't show syslog. We tried like this and the logs were not forwarded. I am attaching some screenshots of the options in the version we are using.

Any idea on how we can make this work?
lmiltchev
Former Nagios Staff

Re: Forwarding ESXi logs

Post by lmiltchev »

Is syslog running on the ESXi server? Try from the CLI:

Code:

service syslog restart
service syslog status
tgriep
Madmin

Re: Forwarding ESXi logs

Post by tgriep »

You may have to enable the firewall to allow outbound traffic.

In the vSphere client, click on the ESXi server, click the "Configuration" tab.
Under the software section, click "Security Profile" and check the properties for the firewall settings for syslog.
Box293
Too Basu

Re: Forwarding ESXi logs

Post by Box293 »

That guide was done on an ESXi 5.1 server if memory serves me right.

It appears to be different on 4.1, refer to this document:
http://kb.vmware.com/selfservice/micros ... Id=1016621

I also found this, which said you can start syslogd simply by running syslogd:
http://paulgrevink.wordpress.com/2011/0 ... t-syslogd/
However, it did not mention how to make it run on bootup.
vmesquita

Re: Forwarding ESXi logs

Post by vmesquita »

Thanks for the replies!

lmiltchev wrote:
> Is syslog running on the ESXi server? Try from the CLI:
>
> Code:
>
> service syslog restart
> service syslog status

These commands don't seem to work on ESXi 4.1:

~ # service syslog status
-ash: service: not found

tgriep wrote:
> In the vSphere client, click on the ESXi server, click the "Configuration" tab.
> Under the software section, click "Security Profile" and check the properties for the firewall settings for syslog.

The security profile window doesn't have a syslog entry, as shown in the screenshot above. But apparently it works without this step:

Box293 wrote:
> That guide was done on an ESXi 5.1 server if memory serves me right.
>
> It appears to be different on 4.1, refer to this document:
> http://kb.vmware.com/selfservice/micros ... Id=1016621
>
> I also found this, which said you can start syslogd simply by running syslogd:
> http://paulgrevink.wordpress.com/2011/0 ... t-syslogd/
> However, it did not mention how to make it run on bootup.

I followed the second tutorial and syslog was enabled. But as you pointed out, there's no explanation on how to enable it on boot.
tgriep
Madmin

Re: Forwarding ESXi logs

Post by tgriep »

I just want to clarify: are the logs getting from the ESXi server to the Nagios Log Server now?

I could be wrong but I think syslog is enabled by default so you shouldn't have to enable it.
vmesquita

Re: Forwarding ESXi logs

Post by vmesquita »

tgriep wrote:
> I just want to clarify: are the logs getting from the ESXi server to the Nagios Log Server now?
>
> I could be wrong but I think syslog is enabled by default so you shouldn't have to enable it.

Yes, they are. Apparently it's not enabled in ESXi 4.1 by default. We still need to figure out the best way to enable it on boot.

Another question: Why does the tutorial suggest using a port different from the default one for syslog? This will require one more rule in the firewall and I am failing to see the advantage ...
tgriep
Madmin

Re: Forwarding ESXi logs

Post by tgriep »

Yes, I am having problems finding how to enable syslog on boot. You may have to contact VMware.
The only thing I found is this link:
http://kb.vmware.com/selfservice/micros ... Id=1016621

The answer to why the port is changed: the Nagios Log Server runs as a locked-down user and cannot receive data on ports below 1024; only root can do that.
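The privileged-port restriction described in the last reply, as an added example that is not part of the original thread or of Nagios Log Server: a UDP listener tries the default syslog port 514, records why it was refused when run as an unprivileged user, and falls back to a high port, where it receives and decodes one syslog line. The high port 15514, the host name and the sample message are constructed for illustration; on a system where the restriction is lifted (running as root, or a lowered unprivileged-port threshold) port 514 binds directly.

```python
import errno
import socket

SYSLOG_PORT = 514    # default syslog port; below 1024, so privileged
HIGH_PORT = 15514    # constructed unprivileged port for this example


def bind_first_available(host, ports):
    """Bind a UDP socket to the first port the current user may use.

    Returns (sock, bound_port, skipped); skipped lists (port, errno name)
    for each refused port, e.g. EACCES for 514 when not running as root.
    """
    skipped = []
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            sock.bind((host, port))
        except OSError as exc:
            sock.close()
            skipped.append((port, errno.errorcode.get(exc.errno, str(exc.errno))))
            continue
        return sock, sock.getsockname()[1], skipped
    raise OSError("none of the candidate ports could be bound")


def parse_pri(datagram):
    """Split the leading <PRI> of a syslog datagram into facility and severity."""
    if not datagram.startswith(b"<") or b">" not in datagram[:5]:
        raise ValueError("missing <PRI> header")
    end = datagram.index(b">")
    pri = int(datagram[1:end])
    return pri // 8, pri % 8, datagram[end + 1:].decode("utf-8", "replace")


def loopback_demo():
    """Send one constructed syslog line to the listener over loopback."""
    sock, port, skipped = bind_first_available(
        "127.0.0.1", [SYSLOG_PORT, HIGH_PORT, 0])  # 0 = any free port
    sock.settimeout(2)
    sample = b"<134>Jan  1 00:00:00 esxi-host vmkernel: constructed test line"
    with sock, socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        sender.sendto(sample, ("127.0.0.1", port))
        data, _ = sock.recvfrom(4096)
    return port, skipped, parse_pri(data)


if __name__ == "__main__":
    port, skipped, (facility, severity, text) = loopback_demo()
    print("listening on", port, "refused:", skipped)
    print("facility", facility, "severity", severity, "message:", text)
```

Whichever port the listener ends up on is the one the sending host must target and the one the firewall rule between the two hosts must allow.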