2 Replies Latest reply on Feb 1, 2013 3:58 PM by feeeds

    Vmware ESX 5 logs

    feeeds

      Does anyone have any experience in pushing ESX5 logs into the ESM ? I can get ESX4.1 logs to send via syslog without issue. I have set up ESX 5 the same way, but so far nothing is received.

        • 1. Re: Vmware ESX 5 logs
          Chris Boldiston

          Hi Feeds

           

           

          If you are having an issue with getting ESX to send syslogs there is some informaiton at sites like this;

           

          http://rainbow.chard.org/2012/04/04/esxi-5-0-remote-syslog/

           

          Have you used tcpdump and verified that ESX is sending the syslog events? If it is then can you put a tcpdump on the receiver for that IP and port and see if you are getting traffic? If you are not getting it at the receiver interfaces then there is a networking problem.


          If you are seeing the data at the interface, make sure you have configured the datasource with the correct IP and syslog port information and that has been written to the receiver. Then using Data Source Model VMware (ASP) set Support Generic Syslogs to Log "uknown syslog" event. Make sure you write out the datasource, rollout policy and then you *should* see events.

           

          Let me know if this helps,

           


          Chris

          2 of 2 people found this helpful
          • 2. Re: Vmware ESX 5 logs
            feeeds

            Thanks for the url.  I have sent it over to the vm admins and will update on if/when we can get it to work.  I hope all that I was missing was the firewall piece.