Installing VMWare Syslog

This integration requires a UTMStack agent to work properly. Please, make sure you have installed it before you continue.

  1. Log in to your VMware vSphere Client.

  2. Select the host that manages your VMware inventory.

  3. Click on the Configuration tab.

  4. From the Software panel, click on Advanced Settings.

  5. In the navigation menu, click on Syslog.

  6. Configure values for the following parameters:

    ParameterESX versionDescription
    Syslog.Local.DatastorePathESX or ESXi 3.5.x or 4.xType the directory path for the local syslog messages on your ESXi server. The default directory path is [] /scratch/log/messages.
    Syslog.Remote.HostnameESX or ESXi 3.5.x or 4.xType the IP address of the UTMStack agent.
    Syslog.Remote.PortESX or ESXi 3.5.x or 4.xType the port number the ESXi server uses to forward syslog data. Use the following ports: 7002 UDP, 7002 TCP
    Syslog.global.logHostESXi v5.x or ESXi v6.xType the URL and port number that the ESXi server uses to forward syslog data. Examples: udp://<UTMStack Agent IP address>:7002 tcp://<UTMStack Agent IP address>:7002

  7. Click OK to save the configuration

  8. Log in to your VMware ESXi Server.

  9. Configure Local and Remote Logging: open a ESXi Shell console session where the esxcli command is available, such as the vCLI or on the ESXi host directly.

  10. Display the existing five configuration options on the host by running this command:

esxcli system syslog config get
  1. Set new host configuration, specifying options to change, by running a command:
esxcli system syslog config set --loghost='tcp://your_utmstack_agent_ip:7002’

esxcli system syslog config set --logdir=/scratch/log --loghost=your_utmstack_agent_ip --logdir-unique=true
  1. After making configuration changes, load the new configuration by running this command:
esxcli system syslog reload
  1. Configuring ESXi Firewall Exception using the esxcli command/syslog port
esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true

esxcli network firewall refresh
  1. Run this command to test if the port is reachable from the ESXi host:
   nc -z your_utmstack_agent_ip 7002

  1. Enable log collector.

    To enable the log collector where you have the UTMStack agent installed, follow the instructions below based on your operating system and preferred protocol.

    Execute command according to the selected platform

  2. Click on the button shown below, to activate the UTMStack features related to this integration