I had my vSphere 4.1 ESXi hosts set up to send logs to a central syslog server. After the upgrade to vSphere 5 this was no longer working. Did some checking and the syslog configurations that were set in 4.1 are gone and had to be reconfigured.
In vSphere 5 the remote syslog host is configured by setting Syslog.global.logHost
This setting is found in the Host Configuration -> Advanced Settings -> Syslog
The remote server for Syslog.global.logHost is specified in this format protocol://remotesyslogip:port (udp://10.10.10.10:514 for syslog using udp on port 514 to host 10.10.10.10).
It can also be set from the VMA using “esxcli system syslog config set –loghost=protocol://remoteipaddress:port”
Here is the VMwareKB on Configuring syslog for ESXi 5.0.
But wait – there’s more!
After setting up the remote syslog host you have to enable the firewall rule to allow syslog traffic outbound (port 514 tcp or udp). This can be done on the host from the vSphere client in Configuration -> Security Profile -> Firewall Properties.