I wanted to create a post that discussed vSphere and ESXi log management. We will not cover log management using Log Insight in this post but we will cover how to setup and configure the following:
- Syslogs
- Scratch Logs
- Core Dumps
Syslogs
We can configure syslogs from several different places. C# Client, Web Client, PowerShell and the ESXi Shell. In this post we will go through the Web Client and ESXi Shell.
ESXi Shell –
Log into the shell directly with SSH or the vMA appliance.
Check the current syslog configuration:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
#Command esxcli system syslog config get #Expected Output Default Network Retry Timeout: 180 Dropped Log File Rotation Size: 100 Dropped Log File Rotations: 10 Enforce SSLCertificates: false Local Log Output: /scratch/log Local Log Output Is Configured: false Local Log Output Is Persistent: true Local Logging Default Rotation Size: 1024 Local Logging Default Rotations: 8 Log To Unique Subdirectory: false Message Queue Drop Mark: 90 Remote Host: <none> |
To get help for what we need to accomplish we can do the following:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
#Command esxcli system syslog config set --help #Output Usage: esxcli system syslog config set [cmd options] Description: set Set global log configuration options Cmd options: --check-ssl-certs Verify remote SSL certificates against the local CA Store --default-rotate=<long> Default number of rotated local logs to keep --default-size=<long> Default size of local logs before rotation, in KiB --default-timeout=<long> Default network retry timeout in seconds if a remote server fails to respond --drop-log-rotate=<long> Number of rotated dropped log files to keep --drop-log-size=<long> Size of dropped log file before rotation, in KiB --logdir=<str> The directory to output local logs to --logdir-unique Place logs in a unique subdirectory of logdir, based on hostname --loghost=<str> The remote host(s) to send logs to --queue-drop-mark=<long> Message queue capacity after which messages are dropped --reset=<str> Reset values to default |
Let’s set the follow perimeters: Log rotation, Log Directory (unique) and Remote Host.
Log Rotation & Unique Log Directory
|
1 2 3 |
#Command esxcli system syslog config set --default-rotate 2 --logdir-unique True |
Local Log Directory
|
1 2 3 |
#Command esxcli system syslog config set --logdir /vmfs/volumes/e7a216de-5e9b9108/scratch/logs |
Remote Host
|
1 2 3 |
#Command esxcli system syslog config set --loghost 10.1.1.123 |
Web Client –
Scratch Logs
Navigate to Advanced Settings under the host we’re configuring and search for ‘scratch’
Under ‘current location’ is what we need to edit. If you don’t know the VMFS path or device ID, we can open up a shell to the host and run the ‘esxcli storage filesystem list’ command and enter the path. Once complete, a host reboot will be required.
Core Dumps
For the core dumps, there are a few more steps than what syslogs and scratch logs have.
- Let’s make sure that vCenter has the Dump Collector Service enabled and started.
Once started, verify the port number by going to ‘settings’. Default port is 6500.
Once we’re done in vCenter, let’s head over to a host we want to configure.
2. Host Configuration.
Check the current configuration (if needed).
Configure the host for coredump settings and test.
