28.07.2015

Syslog Servers for ESXi [esxcli]


1. Enable ESXi Firewall

You will need to enable the syslog rule in the ESXi firewall (only in ESXi 5.0):

$ esxcli --server esxi1 --username root network firewall ruleset set --enabled yes --ruleset-id syslog

Note: The default syslog ruleset allows UDP/TCP 514 and TCP 1514. If you choose to use a different port, you will need to update the firewall ruleset.

2. Configure Syslog Servers

To specify more than one syslog server, separate them with commas. By default, the host uses the UDP protocol and port 514. However, you can specify tcp or ssl as the protocol, as well as the port number:

$ esxcli --server esxi1 --username root system syslog config set --loghost 10.20.182.46,tcp://10.20.182.50:514,ssl://10.20.182.52:1514

Note: You can also authenticate against vCenter Server by specifying the --vihost parameter.

3. Reload Syslog Configuration

For the syslog configuration to take effect, you will need to reload the configuration:

$ esxcli --server esxi1 --username root system syslog reload
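
A pre-flight check for a --loghost value, built on the defaults stated in steps 1 and 2 (UDP and port 514 when omitted; default ruleset allowing UDP/TCP 514 and TCP 1514). This is an added example, not part of the original post or script: the function name check_loghost is hypothetical, the 192.0.2.x addresses are constructed samples, and IPv6 literals are not handled.

```shell
#!/bin/bash
# Added example (not from the original post). Assumptions taken from the page:
# protocol defaults to udp, port defaults to 514, and the stock "syslog"
# ruleset allows UDP/TCP 514 and TCP 1514. IPv6 literals are not handled.

# check_loghost LIST  (hypothetical helper)
# Prints "<proto> <host> <port> <status>" per target, where status is
# ok | needs-ruleset-update | invalid. Returns 0 only if all targets are ok.
check_loghost() {
    local list="$1" entry proto rest host port status rc=0
    [ -n "$list" ] || return 1
    while [ -n "$list" ]; do
        # Peel the first comma-separated entry off the list.
        entry=${list%%,*}
        case $list in *,*) list=${list#*,} ;; *) list= ;; esac

        proto=udp; rest=$entry; port=514
        case $entry in *://*) proto=${entry%%://*}; rest=${entry#*://} ;; esac
        host=${rest%%:*}
        case $rest in *:*) port=${rest##*:} ;; esac

        # Reject unknown protocols, empty hosts and non-numeric ports.
        status=ok
        case $proto in udp|tcp|ssl) ;; *) status=invalid ;; esac
        case $port in ''|*[!0-9]*) status=invalid ;; esac
        [ -n "$host" ] || status=invalid

        if [ "$status" = ok ]; then
            # ssl runs over TCP, so it is covered wherever tcp is.
            case "$proto/$port" in
                udp/514|tcp/514|ssl/514|tcp/1514|ssl/1514) ;;
                *) status=needs-ruleset-update ;;
            esac
        fi
        [ "$status" = ok ] || rc=1
        echo "$proto $host $port $status"
    done
    return $rc
}

# The list from step 2: every target is covered by the default ruleset.
check_loghost "10.20.182.46,tcp://10.20.182.50:514,ssl://10.20.182.52:1514"
# Constructed sample: UDP 1514 and TCP 6514 are outside the default ruleset.
check_loghost "udp://192.0.2.10:1514,tcp://192.0.2.11:6514" ||
    echo "update the firewall ruleset before applying this list"
```

Running the check before the config set step catches a target that would be silently blocked by the host firewall, which otherwise only shows up as missing logs on the collector.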

configSyslog.sh

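#!/bin/bash
# William Lam
# http://blogs.vmware.com/vsphere/automation/

# Password for USERNAME on every host; must be set before running.
# It is stored here in clear text and passed on the esxcli command line,
# so restrict read access to this file.
PASSWORD=

# Require exactly three arguments.
if [[ $# -ne 3 ]]; then
 echo -e "\nUsage: $0 [USERNAME] [HOSTLIST] [SYSLOG_SERVERS]\n"
 exit 1
fi

if [ -z "${PASSWORD}" ]; then
 echo -e "You forgot to set the password in the script!\n"
 exit 1
fi

USERNAME=$1
INPUT=$2    # file containing the list of ESXi hosts
SYSLOG=$3   # comma-separated syslog targets, passed to --loghost

# For each host: open the firewall ruleset, set the targets, reload syslog.
for HOST in $(cat "${INPUT}");
do
 echo "Configuring syslog server for ${HOST} ..."
 esxcli --server "${HOST}" --username "${USERNAME}" --password "${PASSWORD}" network firewall ruleset set --enabled yes --ruleset-id syslog
 esxcli --server "${HOST}" --username "${USERNAME}" --password "${PASSWORD}" system syslog config set --loghost "${SYSLOG}"
 esxcli --server "${HOST}" --username "${USERNAME}" --password "${PASSWORD}" system syslog reload
done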