vSphere Syslog Collector troubleshooting

During a VMware health check, I noticed that the syslog files aren’t updated anymore in the repository from he vSphere Syslog Collector server.

image

Here are some basic steps I used to troubleshoot this problem.

VMware ESXi hosts

On the VMware ESXi hosts check the following settings:

  • Syslog destination. Open the vSphere Client. On the ESXi server, open the configuration tab and select advanced Settings. Check the Syslog.global.logHost value. The format is: protocol://FQDN:port . For example udp://syslog.beerens.local:514

image

  • Is the ESXi firewall port open for syslog traffic. Open the vSphere Client, on the ESXi server, open the Configuration tab, select Security Profile, Firewall and select Properties. Check if the syslog service is enabled.

image

vSphere Syslog Collector

On the vSphere Syslog Collector server check the following settings:

  • Is the syslog port 514 (default) listening:

image

-  Reload and update the syslog configuration.  On the ESXi host use the following command:

esxcli system syslog reload

In PowerCLI, the following command can be used to reload the syslog settings:

$esxCli = Get-EsxCli
$esxCli.system.syslog.reload()
  • Is the Syslog Collector service started. Restart the Syslog Collector service if needed

image

After the reloading the syslog settings and restarting the Syslog Collector service the files begun to update again in the repository.