WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple
You are here: Home / Uncategorized / Free Linux & Windows Syslog Alternatives to depercated vi-logger in vMA 5

Free Linux & Windows Syslog Alternatives to depercated vi-logger in vMA 5

07.25.2011 by William Lam // 12 Comments

Those of you who currently use vi-logger in vMA 4.x as a free syslog server for your ESX(i) hosts may notice this functionality has been removed in the latest vMA 5 release. VMware decided to remove the syslog functionality in vMA in favor of combining it with the vCenter Server. If you decide to run vCenter 5 on Windows, you have the option of installing an additional syslog collector on the same or separate Windows system and registering it as a vCenter plugin. If you are using the new VCVA (vCenter Server Virtual Appliance), there is also a syslog collector that is installed by default.

Using vMA's vi-logger was an easy and free solution, but you still have some alternatives without having to use vCenter or install/build a new syslog server. The following will document a free syslog solution for both a Linux or Windows platform.

Linux Syslog server alternative using vMA 5.0
You can actually leverage the existing syslog server on the latest vMA 5 release and with a few customization, get it setup to start collecting logs from your ESX(i) hosts as before with vi-logger.

Step 1 - It is recommend that you configure an additional disk on vMA for your syslogs as the size of vMA is quite tiny for additional use. I will assume that you know how to add and configure an additional disk, if not you can do a simple search on Google. In this example, I have a second disk that is 10GB and it is mounted up under /var/log/remote which is where the ESX(i) logs will be stored in.

Step 2 - You will need to edit the syslog configuration under /etc/syslog-ng/syslog-ng.conf and you will need to add three entries. The first addition is to configure the source for log messages from the network and enabling both udp/tcp on port 514, you may add the following under the default "src" entry.

source network {
udp6( port(514) );
tcp6( port(514) );
};

The next two entries will define the destination and how it'll log. You will add the following at the end of the syslog-ng.conf configuration file.

destination log_remote {
file("/var/log/remote/$HOST_FROM/$YEAR-$MONTH/messages-$YEAR-$MONTH-$DAY"
create_dirs(yes) frac-digits(3)
template("$ISODATE $PROGRAM $MSGONLY\n")
template_escape(no)
);
};
log {
source(network);
destination(log_remote);
};

The "log_remote" destination will send all logs from your ESX(i) hosts into /var/log/remote and will have the following format: $HOST_FROM/$YEAR-$MONTH/messages-$YEAR-$MONTH-$DAY

Step 3 -  Now you will need to restart the syslog server for the changes to take effect. You will need to run the following command: sudo /etc/init.d/syslog restart

If everything went successful, you should now be able to configure your ESX(i) hosts to point to your vMA 5 system and you should see logs appearing under /var/log/remote

Note: You will need to use sudo to view the directory under /var/log/remote and to view the logs

Windows Syslog server alternative using vCenter Syslog Collector
The vCenter Syslog Collector can be installed and used without the use of vCenter, you can easily turn any existing or new Windows system into a syslog server for your ESX(i) hosts for free.

Step 1 -  It is recommend that you configure a seperate disk on the Windows system that you are going to be using for your syslog server. I will assume that you know how to add and configure an additional disk, if not you can do a simple search on Google. In this example, I have a second disk that is 10GB and listed as Syslog (E: drive)

Step 2 - You will need access to the vCenter Server 5.0 installation ISO or executable to install the Syslog Collector utility. Start the installer and select and install VMware Syslog Collector

Step 3 - You have the option of using the local C:\ drive, but I would recommend setting up a separate drive if you can. If you decide to change the default log location, you need to ensure that you specify the following directory structure VMware\VMware Syslog Collector\Data else you will run into issues with the installation. In this example, I have moved my logs into E:\ drive and the path looks like the following: E:\VMware\VMware Syslog Collector\Data. You also have the ability to change the size of the log files before rotation and the number of logs before rotating.

Step 4 - If you are installing the Syslog Collector on the same host as vCenter Server, you should select the integrated installation else you should select a standalone installation.

Step 5 - The next screen will be the default ports to enable for both TCP/UDP and SSL which can be configured or left as the default as recommend.

Step 6 - The screen is how the Syslog Collector will be identified on the network and it should just be the IP Address of the host.

If everything went successful, you should now be able to configure your ESX(i) hosts to point to your Windows Syslog Collector system and you should see logs appearing under E:\VMware\VMware Syslog Collector\Data

As you can see even with vi-logger being removed in the latest version of vMA 5, you can easily still configure a free syslog server with your ESX(i) hosts on either a Linux or Windows platform.

More from my site

  • Tips and Tricks for vMA 5
  • vi-fastpass esxcli and resxtop bug resolved in vMA 5
  • Running ESXi 5.0 & 5.1 on 2012 Mac Mini 6,2
  • Nested Virtualization Resources
  • That's so cool! Running ESXi 5.0 & 5.1 on Apple Mac Mini

Categories // Uncategorized Tags // ESXi 5.0, syslog, vilogger, vma, vMA5, vSphere 5.0

Comments

  1. *protectedMark and Katie says

    09/16/2011 at 8:20 pm

    How did you mount the drive in vMA? ext3 doesn't work. I am sure I need to format it in some way but if you can quickly give me the commands that would be awesome!

    Reply
  2. *protectedWilliam says

    09/17/2011 at 2:34 am

    @Mark and Katie,

    You will need to format your disk and then use the "mount" utility. Please do a search online for a tutorial to you walk you through the process

    Reply
  3. *protectedcompsavvystu says

    11/07/2011 at 9:05 pm

    This comment has been removed by the author.

    Reply
  4. *protectedcompsavvystu says

    11/07/2011 at 9:45 pm

    Two sites have some additional information about how to make this work:

    Simon Long's Blog shows how to add an additional disk to house your syslogs:
    http://www.simonlong.co.uk/blog/2010/05/28/using-vma-as-your-esxi-syslog-server/

    Also, VMware shows you how to point your ESXi5 hosts to your new syslog server:
    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2007658

    Reply
  5. *protectedeazysnatch says

    11/24/2011 at 12:01 pm

    What about archiving.

    I make it to put all logs in /var/log/remote/$HOST-messages-$YEAR-$MONTH-$DAY.log

    And then configure logrotate to archive my logs.
    Do you have any solution with logrotate to archive logs which are in /var/log/remote/$HOST_FROM/$YEAR-$MONTH/
    Because logrotate can't handle $HOST ... $YEAR-$MONTH .

    Reply
  6. *protectedLádínek says

    12/14/2011 at 12:15 pm

    This comment has been removed by the author.

    Reply
  7. *protectedLádínek says

    12/14/2011 at 12:17 pm

    Not working at all, perhaps based of pre-release version, I don´t know, but my vCenter appliance has /var/log/remote symlinked to /storage/logs/remote which is on /dev/sdb2, and there are running two syslog services: syslog (which is syslog_ng) and syslog-collector, which uses /etc/syslog_ng/syslog-collector.conf similar to what you are appending in this article to syslog_ng.conf.

    Reply
  8. *protectedUnknown says

    06/20/2012 at 2:20 am

    It seems to be working, but the directory the ESXi host writes to (under the "remote" directory) look like this "::ffff:192.168.20.10". Which! I also can't access :s

    Reply
  9. *protectedKK says

    05/02/2014 at 1:44 pm

    William, Tried configuring with vMA 5.5 for vSphere 5.1 ESXi hosts but logs are not getting forwarded after following the above article.

    any hints?

    Reply
    • William Lam says

      05/02/2014 at 1:53 pm

      Have you checked the firewall on ESXi hosts to ensure they're allow syslog traffic?

      Reply
      • *protectedKK says

        05/02/2014 at 7:27 pm

        Oh william, i'm so glad you replied. ESXi hosts are not opened to syslog service. I have to work creating customer firewall rile.

        thank your so much for your quick reply. Appreciate if you can help on your "VMwareHealthCheckSript" as well.

        Reply

Trackbacks

  1. Tips and Tricks for vMA 5 | virtuallyGhetto says:
    03/02/2014 at 7:43 pm

    […] 5. vi-logger in vMA 5 has been deprecated and removed, for a free syslog alternative take a look at this blog article: Free Linux & Windows Syslog Alternatives to depercated vi-logger in vMA 5 […]

    Reply

Thanks for the comment!Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • VMUG Connect 2025 - Minimal VMware Cloud Foundation (VCF) 5.x in a Box  05/15/2025
  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025
  • vCenter Identity Federation with Authelia 04/16/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025