VMware vSphere 6 – ESXi Syslog and Network Dump collector configuration

VMware vSphere 6 – ESXi Syslog and Network Dump collector configuration

Sometimes, you might be aware of this and might be using this in your environment. But I thought it is a good time to write an article about VMware Syslog and Network Dump Collector configurations as I was doing some Autodeploy configurations.

Setting up a Syslog collector and Network Dump collector is a must when you are up to use the VMware Autodeploy feature. Bulk ESXi Configuration and Deployment might be a headache when you have more than thousands of ESXi hosts to deal with as your daily operations.

As I mentioned earlier Syslog and Network Core Dump Collector is a must when you have auto deployed hosts which are not having a local disk to store the system files. In a situation like that the log files of these hosts store in the RAM disk which means each time this host reboots log files will be destroyed. That can lead you to a huge problem where you can’t find the exact issues such as PSOD incidents. As a precaution of that you need to have a separate log collector of your ESXi Hosts.

Syslog and Dump Collector services are in built to the vSphere 6.x and you need to setup this separately in vSphere 5.x. Here I’m using my vSphere 6.x environment and I’m focusing the ESXi host level configuration to pass the log files to your remote log collector.

Setting up the Syslog Collector

Login to your ESXi host with a SSH session and check the Syslog configurations with the below command

esxcli system syslog config get” and check the remote host

Initially, this might be “<none>” and you need to point your host to the remote Syslog collector.

esxcli system syslog config set –loghost <vCenter (Your Syslog Collector)>

You can get the help about the syslog config commands from “esxcli system syslog config –help” command

Reload the Syslog configuration from “esxcli system syslog reload” command

As I mentioned, in vSphere 6.x you can use vCenter to collect the logs, navigate to your vCenter -> Manage -> Settings -> Syslog Collector (Right Click on your vCenter and select “Settings”)

Under “Host Logging” you can see the logged hosts. Don’t worry if you still can’t see this.

Still, if you can’t see the host check the “Security Profile” of the host. Firewall is not allowing the Service and Ports. Enable the service

Then check again the “Syslog Collector“. You might see your host now.

I know, some people don’t like the commands and still there is another way you can easily point your Syslog server in GUI.

Go to the “Advanced Settings” of the Host, Navigate to the “Syslog‘ and provide the IP or the FQDN of the Syslog Server to send the logs under “Syslog.global.logHost” Parameter.

Setting up the ESXi Core Dump Collector

Core Dump is the “State of the Memory in an event of a host failure/PSOD”, same scenario applied as the Syslog to the Core Dumps and you can point your vSphere 6.x vCenter to collect the logs of the hosts.

Login to your host using a SSH session and type ” esxcli system coredump network get” command to check the core dump status

You need to specify a vmkernel to send the traffic to the Dump Collecto, use ” esxcli system coredump network set -v <vmkernel> -i <IP Address of the collector/vCenter> -o <port>

Enable to collector configuration, type “esxcli system coredump network set -e true

Check the Core Dump configuration state again

Check the Core dump network status whether host can see the Core Dump server correctly, use ” esxcli system coredump network check” , if it is running correctly you can see ” Verified the configured netdump server is running” message

If you found this post as useful, rate the post and share it!

Click to rate this post!
[Total: 7 Average: 4.4]

3 responses

  1. James Avatar

    I am running 6.5U1d and I can not see any config for SYS log that you show in your screen shot. Any ideas why? MY host has Syslog enabled in the firewall. This has never changed.

    1. Aruna Lakmal Avatar
      Aruna Lakmal

      Syslog config is no longer valid for vCenter 6.5 or VCSA 6.5 you can configure remote syslog server to collect the logs.


      1. Kav Avatar

        omg ive been googling my brains out and the only place I found confirmation of its removal was your comment. Cant find anything official stating this ugh…

Leave a Reply

Your email address will not be published. Required fields are marked *