1. ESX
- vi /etc/syslog.conf (add entry *.* @ip_of_vMA)
- /etc/rc.d/init.d/syslog restart (restart syslogd)
- esxcfg-firewall -o 514, udp, out, syslog_traffic (open the firewall for syslog_traffic )
2. ESXi
- vicfg-syslog -s ip_of_vMA (Setting remote log server from vMA)
- vSphere client also does the job; or just edit /etc/syslog.conf, /sbin/services.sh restart though
3. Config vMA to receive syslog from ESX/ESXi hosts (vi vMA)
- sudo vi /etc/sysconfig/syslog (modify entry to receive log from remote server, unmark SYSLOGD_OPTIONS)
- sudo /etc/rc.d/init.d/syslog restart (restart syslogd)
- sudo iptables -I INPUT -i eth0 -p udp --dport 514 -j ACCEPT
4. Enable vMA to receive syslog from ESX(i) host via vMA
- vilogger enable --server <ESX(i)_name>
- vilogger list (verify if succeed)
- vilogger disable --server <ESX(i)_name>
- default log location: /var/log/vmware/ESX(i)_name (/etc/vmware/viconfig/vilogdefaults.xml)
- option to change logname, logpolicy (collectionperiod, numrotation, maxfilesize)
No comments:
Post a Comment