Configuring syslog settings on an ESXi host
Booting your ESXi from SD or USB flash storage is a common scenario. However, when booting from SD and USB, ESXi does not use that storage for logging. Instead, it keeps the logs in memory, which is nonpersistent. Now that you have established a shared, persistent storage, you can point the ESXi hosts syslog functions to store the logs onto the shared disk so that it can survive a reboot or help you to troubleshoot. Even hosts booting from a local spinning disk might want to redirect their syslog onto a shared SAN drive so that it's accessible from another hosts if one of the hosts fails.
Another common use in enterprises is a centralized syslog server or a third-party log collection and analytics service, such as Splunk. Third-party services offer filters, alarms, search, and other advanced features to add context and value to the logs collected from systems.
This section will cover setting this configuration on an ESXi host.
Getting ready
To work in this section, you will need to open a PowerCLI window, connect to an ESXi host, and populate the $esxihost variable with a VMHost object.
How to do it…
- PowerCLI provides the
Get-AdvancedConfigcmdlet that lets us peer into the advanced settings of the ESXi host. Even in the GUI, the syslog settings for an ESXi host are set within the Advanced Configuration setting. If you enumerate all of the advanced settings and then scope for items withsyslog.global, you will see the settings you want to adjust to set centralize logging:$esxihost | Get-AdvancedSetting | Where {$_.Name -like "syslog.global*"}
The two settings you want to adjust are:
logDirUniquethat sets a subdirectory for each host in the cluster, andlogDirthat sets the centralized location. - The
logDirUniquesetting is an easy one. First, you will need to scope down to retrieve just that setting and then pipe it into theSet-AdvancedSettingcmdlet:$esxihost | Get-AdvancedSetting | Where {$_.Name -like "Syslog.global.logDirUnique"} | Set-AdvancedSetting -value $true -Confirm:$false - The second directory takes a bit more configuration. The
logDirsetting is a string that defines a storage path. So in our case, you need to figure out which datastore we're going to locate the syslog files onto. The VMFS datastore is identified as a bracketed name, which is followed by a path name. In the earlier example, you created a datastore callediSCSIDatastore1and you will now use it as our syslog global directory:$esxihost | Get-AdvancedSetting | Where {$_.Name -like "Syslog.global.logDirUnique"} | Set-AdvancedSetting -value "[iSCSIDatastore1] syslog" -Confirm:$falseAlternatively, if you want to direct all log files to a centralized syslog server, you can set this setting, the
Syslog.global.logHostvalue. - To set the syslog host value, you will use the same cmdlet used to set the previous values for syslog, except that you will alter the advanced setting used in the
Wherestatement. The value should beSyslog.global.logHostto locate the correct value to be set:$esxihost | Get-AdvancedSetting | Where {$_.Name -like "Syslog.global.logHost"} | Set-AdvancedSetting -value " tcp://syslogserver:514 " -Confirm:$false
How it works…
The vSphere Advanced Settings control the syslog functions. There are properties in the advanced settings that control how often and at what frequency to roll the log files, and in this example, where to store the global syslog directory, and whether to make a unique subdirectory for this host's log files.
The Get-AdvancedSetting and Set-AdvancedSetting cmdlets expose and allow us to set these Advanced Settings from PowerCLI.
Setting the global log directory requires the administrator to choose a datastore and a subdirectory on which to create these log files. The format of the path is set by using the bracketed datastore name and then a relative path inside the datastore. This is a path definition that vSphere understands, but it is also specific to vSphere. It uses a Linux-like path definition, but it begins inside the datastore location.
There's more…
In general, it's best to leave vSphere advanced settings with their default values unless instructed to make changes by VMware support. The vSphere advanced settings can alter the behavior of ESXi significantly and should be done with caution.
