How to configure Syslog server in ESX

If you have a central log server that collects all your server and device syslogs, you will want to configure your ESX servers to also send their logs to it.


1. Log in to the ESX server.

2. Edit the syslog system config and set the line below to allow remote syslogging:
vi /etc/sysconfig/syslog

SYSLOGD_OPTIONS="-m 0 -r"


3. Edit the syslog config and add the line below to send all log messages to a remote syslog server:
vi /etc/syslog.conf

*.*     @syslog.server.local


4. Restart syslog:
/etc/init.d/syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]

5. Check whether the syslog firewall port UDP 514 is open:
/usr/sbin/esxcfg-firewall -q
Opened ports:

6. Open the syslog port if it is not open:
/usr/sbin/esxcfg-firewall -o 514,udp,out,syslog

7. Check again that the syslog firewall port UDP 514 is now open:
/usr/sbin/esxcfg-firewall -q
Opened ports:
syslog              : port 514 udp.out


8. Send a test log message to check that logs are being sent to the remote server:
logger testlogmessage1
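
The checks in steps 3 and 5 to 7 can be scripted as a read-only audit that changes nothing on the host. This is an added example, not part of the original post: the function names and the sample data are constructed, and the firewall line format is assumed to match the step 7 output above.

```shell
#!/bin/sh
# Added example: read-only audit of the forwarding set-up (steps 3 and 5-7).

# forwards_all_to FILE HOST: succeed only if an active (uncommented)
# "*.*  @HOST" rule exists in a syslog.conf-style FILE.
forwards_all_to() {
    awk -v want="@$2" '
        /^[ \t]*#/ { next }                     # skip commented-out rules
        $1 == "*.*" && $NF == want { ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# forward_targets FILE: list every remote host that active rules send to,
# so an unexpected second destination stands out.
forward_targets() {
    awk '!/^[ \t]*#/ && NF >= 2 && $NF ~ /^@/ { print substr($NF, 2) }' "$1" | sort -u
}

# syslog_port_open: read "esxcfg-firewall -q" output on stdin and succeed if
# the outbound UDP 514 entry from step 7 is listed.
syslog_port_open() {
    grep -Eq '^[[:space:]]*syslog[[:space:]]*:[[:space:]]*port 514 udp\.out'
}

# audit CONF HOST FWFILE: print one OK/FAIL line per check; non-zero if any fail.
audit() {
    rc=0
    if forwards_all_to "$1" "$2"; then echo "OK   *.* is forwarded to $2"
    else echo "FAIL no active '*.* @$2' rule in $1"; rc=1; fi
    if syslog_port_open < "$3"; then echo "OK   firewall allows UDP 514 out"
    else echo "FAIL UDP 514 out is not in the opened ports"; rc=1; fi
    return $rc
}

# Constructed sample data (not from a real host): one commented-out rule,
# one local rule, one active forwarding rule, and the step 7 firewall listing.
demo_dir=$(mktemp -d)
printf '%s\n' '#*.*  @old.server.local' '*.info  /var/log/messages' \
    '*.*     @syslog.server.local' > "$demo_dir/syslog.conf"
printf '%s\n' 'Opened ports:' 'syslog              : port 514 udp.out' > "$demo_dir/fw.txt"
audit "$demo_dir/syslog.conf" syslog.server.local "$demo_dir/fw.txt"
```

On the ESX server itself, save the output of /usr/sbin/esxcfg-firewall -q to a file and pass it to audit together with /etc/syslog.conf and the log server name.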
