Another vSphere 5 Upgrade Gotcha – Syslog

I had my vSphere 4.1 ESXi hosts set up to send logs to a central syslog server. After the upgrade to vSphere 5 this was no longer working. Did some checking and the syslog configurations that were set in 4.1 are gone and had to be reconfigured.

In vSphere 5 the remote syslog host is configured by setting Syslog.global.logHost

This setting is found in the Host Configuration -> Advanced Settings -> Syslog

The remote server for Syslog.global.logHost is specified in this format protocol://remotesyslogip:port (udp:// for syslog using udp on port 514 to host

It can also be set from the VMA using “esxcli system syslog config set –loghost=protocol://remoteipaddress:port”

Here is the VMwareKB on Configuring syslog for ESXi 5.0.

But wait – there’s more!

After setting up the remote syslog host you have to enable the firewall rule to allow syslog traffic outbound (port 514 tcp or udp). This can be done on the host from the vSphere client in Configuration -> Security Profile -> Firewall Properties.

Good luck.

Leave a Reply

Your email address will not be published. Required fields are marked *

twenty − 7 =