Sometimes, you might be aware of this and might be using this in your environment. But I thought it is a good time to write an article about VMware Syslog and Network Dump Collector configurations as I was doing some Autodeploy configurations.
Setting up a Syslog collector and Network Dump collector is a must when you are up to use the VMware Autodeploy feature. Bulk ESXi Configuration and Deployment might be a headache when you have more than thousands of ESXi hosts to deal with as your daily operations.
As I mentioned earlier Syslog and Network Core Dump Collector is a must when you have auto deployed hosts which are not having a local disk to store the system files. In a situation like that the log files of these hosts store in the RAM disk which means each time this host reboots log files will be destroyed. That can lead you to a huge problem where you can’t find the exact issues such as PSOD incidents. As a precaution of that you need to have a separate log collector of your ESXi Hosts.
Syslog and Dump Collector services are in built to the vSphere 6.x and you need to setup this separately in vSphere 5.x. Here I’m using my vSphere 6.x environment and I’m focusing the ESXi host level configuration to pass the log files to your remote log collector.
Setting up the Syslog Collector
Login to your ESXi host with a SSH session and check the Syslog configurations with the below command
“esxcli system syslog config get” and check the remote host
Initially, this might be “<none>” and you need to point your host to the remote Syslog collector.
“esxcli system syslog config set –loghost <vCenter (Your Syslog Collector)>”
You can get the help about the syslog config commands from “esxcli system syslog config –help” command
Reload the Syslog configuration from “esxcli system syslog reload” command
As I mentioned, in vSphere 6.x you can use vCenter to collect the logs, navigate to your vCenter -> Manage -> Settings -> Syslog Collector (Right Click on your vCenter and select “Settings”)
Under “Host Logging” you can see the logged hosts. Don’t worry if you still can’t see this.
Still, if you can’t see the host check the “Security Profile” of the host. Firewall is not allowing the Service and Ports. Enable the service
Then check again the “Syslog Collector“. You might see your host now.
I know, some people don’t like the commands and still there is another way you can easily point your Syslog server in GUI.
Go to the “Advanced Settings” of the Host, Navigate to the “Syslog‘ and provide the IP or the FQDN of the Syslog Server to send the logs under “Syslog.global.logHost” Parameter.
Setting up the ESXi Core Dump Collector
Core Dump is the “State of the Memory in an event of a host failure/PSOD”, same scenario applied as the Syslog to the Core Dumps and you can point your vSphere 6.x vCenter to collect the logs of the hosts.
Login to your host using a SSH session and type ” esxcli system coredump network get” command to check the core dump status
You need to specify a vmkernel to send the traffic to the Dump Collecto, use ” esxcli system coredump network set -v <vmkernel> -i <IP Address of the collector/vCenter> -o <port>”
Enable to collector configuration, type “esxcli system coredump network set -e true”
Check the Core Dump configuration state again
Check the Core dump network status whether host can see the Core Dump server correctly, use ” esxcli system coredump network check” , if it is running correctly you can see ” Verified the configured netdump server is running” message