Most users who configure syslog for their ESXi hosts (and hopefully everyone is doing so for audit, compliance and troubleshooting purposes) stick with the default syslog ports: 514 for UDP/TCP or 1514 for TLS.
A big benefit of using the default syslog ports is that the ESXi firewall already ships with rulesets that allow outbound access on them.
If you need to use a non-standard syslog port for ESXi, the solution until now was not ideal. While you can open a custom port using the ESXi firewall, the problem is persisting that customization across reboots, which requires either a custom VIB or modifying the local.sh startup script.
A nice enhancement included in the recent release of vSphere 8.0 Update 2b is support for a dynamic ESXi firewall ruleset when a non-standard syslog port is configured.
As you can see in the example below, when I configure my ESXi host to use a syslog server with a custom port 12345, ESXi automatically creates a dynamic firewall ruleset that opens that port for outbound connectivity. If you change the port or disable the syslog configuration, the dynamic ruleset is updated or removed accordingly.
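To make this concrete, here is an added shell example (not code from the original post or from VMware) that sets a non-standard syslog port with esxcli, reloads syslog, and then checks the output of the firewall rule list for an outbound rule covering that port. The host name syslog.example.com, the choice of UDP, and the SAMPLE_RULES text (including the ruleset name dynsyslog) are constructed for illustration; the real ruleset name is whatever the host reports. On a host that lacks the feature, the check finds no rule and fails, which is exactly the signal you want before assuming logs are leaving the host.

```shell
#!/bin/sh
# Added example, not from the original post. Runs in the ESXi shell
# (busybox ash), so it stays POSIX. Host name and port are assumptions.
SYSLOG_HOST="${SYSLOG_HOST:-syslog.example.com}"   # constructed
SYSLOG_PORT="${SYSLOG_PORT:-12345}"                # same port as in the post

# Return 0 if the text of "esxcli network firewall ruleset rule list"
# (passed as $1) contains an Outbound rule whose destination port range
# covers port $2. The first two lines of that output are the header and
# the dashed separator, so they are skipped.
ruleset_allows_port() {
    rules="$1"; port="$2"
    printf '%s\n' "$rules" | awk -v p="$port" '
        NR > 2 && $2 == "Outbound" && $4 == "Dst" \
            && ($5 + 0) <= (p + 0) && (p + 0) <= ($6 + 0) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Print the name(s) of the ruleset(s) that cover port $2, one per line.
rulesets_for_port() {
    rules="$1"; port="$2"
    printf '%s\n' "$rules" | awk -v p="$port" '
        NR > 2 && $2 == "Outbound" && $4 == "Dst" \
            && ($5 + 0) <= (p + 0) && (p + 0) <= ($6 + 0) { print $1 }' | sort -u
}

# Point syslog at the custom port, reload, and verify the firewall
# actually allows the traffic. Returns 1 if no rule covers the port.
configure_and_verify() {
    esxcli system syslog config set \
        --loghost="udp://${SYSLOG_HOST}:${SYSLOG_PORT}"
    esxcli system syslog reload
    rules=$(esxcli network firewall ruleset rule list)
    if ruleset_allows_port "$rules" "$SYSLOG_PORT"; then
        echo "outbound ${SYSLOG_PORT} allowed by ruleset(s):" \
             "$(rulesets_for_port "$rules" "$SYSLOG_PORT")"
    else
        echo "no outbound firewall rule covers port ${SYSLOG_PORT};" \
             "the host may not support dynamic syslog rulesets" >&2
        return 1
    fi
}

# Constructed sample of the rule list format, showing the built-in
# syslog ruleset plus a dynamic one (name "dynsyslog" is a placeholder).
SAMPLE_RULES='Ruleset    Direction  Protocol  Port Type  Port Begin  Port End
-------    ---------  --------  ---------  ----------  --------
syslog     Outbound   UDP       Dst        514         514
syslog     Outbound   TCP       Dst        514         514
syslog     Outbound   TCP       Dst        1514        1514
dynsyslog  Outbound   UDP       Dst        12345       12345'

# Only touch the host when esxcli is present; elsewhere the functions
# above can still be exercised against SAMPLE_RULES.
if command -v esxcli >/dev/null 2>&1; then
    configure_and_verify
fi
```

The verification step is the part worth keeping in any automation: setting the loghost succeeds regardless of whether the firewall opens the port, so a missing rule only shows up as silently absent logs unless you check the rule list after the reload.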
Claudio says
Hello William.
Using that feature will make the rule permanent even after a reboot of the host?
William Lam says
Correct
Arun says
Hi William,
We are trying to use a custom syslog port on a host running ESXi 7.0u3p Build 23307199 using the mentioned command but the dynamic rule is not getting created. Anything additional that needs to be done or checked?
William Lam says
It was mentioned internally that this was also supported with 7.0u3p, but I just tried it myself and am seeing the same behavior. Looks like this might only be possible w/ 8.0U2b and later.
Dave says
Noticing the issue on 7.0u3p too, but the dynamic rule set works for 7.0u3q