Integration guide for VMWare Syslog

​

Installing VMWare Syslog

1. Log in to your VMware vSphere Client.
2. Select the host that manages your VMware inventory.
3. Click on the Configuration tab.
4. From the Software panel, click on Advanced Settings.
5. In the navigation menu, click on Syslog.
6. Configure values for the following parameters:

   Parameter	ESX version	Description
   Syslog.Local.DatastorePath	ESX or ESXi 3.5.x or 4.x	Type the directory path for the local syslog messages on your ESXi server. The default directory path is [] /scratch/log/messages.
   Syslog.Remote.Hostname	ESX or ESXi 3.5.x or 4.x	Type the IP address of the UTMStack agent.
   Syslog.Remote.Port	ESX or ESXi 3.5.x or 4.x	Type the port number the ESXi server uses to forward syslog data. Use the following ports: 7002 UDP, 7002 TCP
   Syslog.global.logHost	ESXi v5.x or ESXi v6.x	Type the URL and port number that the ESXi server uses to forward syslog data. Examples: udp://<UTMStack Agent IP address>:7002 tcp://<UTMStack Agent IP address>:7002

7. Click OK to save the configuration
8. Log in to your VMware ESXi Server.
9. Configure Local and Remote Logging: open a ESXi Shell console session where the esxcli command is available, such as the vCLI or on the ESXi host directly.
10. Display the existing five configuration options on the host by running this command:

esxcli system syslog config get

11. Set new host configuration, specifying options to change, by running a command:

esxcli system syslog config set --loghost='tcp://your_utmstack_agent_ip:7002’

esxcli system syslog config set --logdir=/scratch/log --loghost=your_utmstack_agent_ip --logdir-unique=true

12. After making configuration changes, load the new configuration by running this command:

esxcli system syslog reload

13. Configuring ESXi Firewall Exception using the esxcli command/syslog port

esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true

esxcli network firewall refresh

14. Run this command to test if the port is reachable from the ESXi host:

   nc -z your_utmstack_agent_ip 7002

15. Enable log collector.

    To enable the log collector where you have the UTMStack agent installed, follow the instructions below based on your operating system and preferred protocol.

    
    Execute command according to the selected platform
    Agent installation commands for operating systems must be copied directly from your UTMStack instance, under the Integrations section.
    This ensures that all tokens, identifiers, and configuration parameters are accurate and specific to your environment.

    ​

    Example:

    
16. Click on the button shown below, to activate the UTMStack features related to this integration