Skip navigation

It’s shame that it took me 2 hours to find out why my Syslog Collector is not working. But I would like to share my experience with everyone including how to debug it.

Syslog collector has two parts.

Part running on vCenter

 

Syslog Collector must be installed first.

clip_image002

clip_image002[6]

It is very important to configure your firewall so your syslog can go through.

the Syslog collector can use 3 different protocol. TCP,UDP,SSL. You can enable all of them.

clip_image002[8]

make sure you have space for this log collector

clip_image002[10]

that’s will install plug-in directly into your vCenter.

image

Feel free to use your DOMAIN/SERVICE_ACCOUNT to replace local administrator. But you need to make sure that service_account has local admin rights first.

By using different account will make better view in the TASK Manager to see how much memory it consumes.

 

clip_image002[14]

You can replace SSL certificate with local CA certificate if you really want.

clip_image002[16]

image

Then you can finish installation.

You will see it in your service.

image

You will see it in your task manager.

image

Parts you need to configure on ESXi host

 

As ESXi host, you need to configure it little bit more than just PDF file tells you.

You need to configure ESXi Firewall to open the port (which I didn’t. –_-b)

image

After that, the easiest way to configure is to use vSphere client (not web client).

image

You can use either tcp://servername:514 or tcp://serverIP:514 or other protocols

Once it’s done, you should have a new folder under your Syslog collector folder immediately without any other actions.

Debug Procedure:

 

Debug from vCenter

You need to check out whether syslog collector service is up

You need to check out whether Syslog appears in Task Manager

Use telnet to check tcp port to see whether port is open / listening

image

If you want to test UDP port, you can use Microsoft tools PortQryUI to do it. You can find it at this link.

http://www.microsoft.com/en-us/download/details.aspx?id=24009

Debug from ESXi host

Check the firewall and make sure port is open

Use this command on console to check the setting in esxi

image

Use this command to reload esxi syslog

esxcli system syslog reload

Use this command to test esxi syslog

esxcli system coredump network check

If it is successful, you should see something like this

Verified the configured netdump server is running

You can also use esxi console to configure rather use vCenter

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2003322

The IP is the syslog collector IP address.

The VMA command is little bit different since you normally need to authenticate yourself, hence I won’t list here.

I think that’s everything about Syslog. Please let me know if you have questions.

Advertisements

One Comment

  1. Thanks for the summary !!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: