2 of 2 people found this helpful
If you are having an issue with getting ESX to send syslogs there is some informaiton at sites like this;
Have you used tcpdump and verified that ESX is sending the syslog events? If it is then can you put a tcpdump on the receiver for that IP and port and see if you are getting traffic? If you are not getting it at the receiver interfaces then there is a networking problem.
If you are seeing the data at the interface, make sure you have configured the datasource with the correct IP and syslog port information and that has been written to the receiver. Then using Data Source Model VMware (ASP) set Support Generic Syslogs to Log "uknown syslog" event. Make sure you write out the datasource, rollout policy and then you *should* see events.
Let me know if this helps,
Thanks for the url. I have sent it over to the vm admins and will update on if/when we can get it to work. I hope all that I was missing was the firewall piece.