Skip navigation

Tag Archives: syslog

It’s shame that it took me 2 hours to find out why my Syslog Collector is not working. But I would like to share my experience with everyone including how to debug it.

Syslog collector has two parts.

Part running on vCenter


Syslog Collector must be installed first.



It is very important to configure your firewall so your syslog can go through.

the Syslog collector can use 3 different protocol. TCP,UDP,SSL. You can enable all of them.


make sure you have space for this log collector


that’s will install plug-in directly into your vCenter.


Feel free to use your DOMAIN/SERVICE_ACCOUNT to replace local administrator. But you need to make sure that service_account has local admin rights first.

By using different account will make better view in the TASK Manager to see how much memory it consumes.



You can replace SSL certificate with local CA certificate if you really want.



Then you can finish installation.

You will see it in your service.


You will see it in your task manager.


Parts you need to configure on ESXi host


As ESXi host, you need to configure it little bit more than just PDF file tells you.

You need to configure ESXi Firewall to open the port (which I didn’t. –_-b)


After that, the easiest way to configure is to use vSphere client (not web client).


You can use either tcp://servername:514 or tcp://serverIP:514 or other protocols

Once it’s done, you should have a new folder under your Syslog collector folder immediately without any other actions.

Debug Procedure:


Debug from vCenter

You need to check out whether syslog collector service is up

You need to check out whether Syslog appears in Task Manager

Use telnet to check tcp port to see whether port is open / listening


If you want to test UDP port, you can use Microsoft tools PortQryUI to do it. You can find it at this link.

Debug from ESXi host

Check the firewall and make sure port is open

Use this command on console to check the setting in esxi


Use this command to reload esxi syslog

esxcli system syslog reload

Use this command to test esxi syslog

esxcli system coredump network check

If it is successful, you should see something like this

Verified the configured netdump server is running

You can also use esxi console to configure rather use vCenter

The IP is the syslog collector IP address.

The VMA command is little bit different since you normally need to authenticate yourself, hence I won’t list here.

I think that’s everything about Syslog. Please let me know if you have questions.