Central Syslog Host for ESX – Syslog-ng

Someone may have already written all this, but oh well.

1. Install something free like Ubuntu Server.

2. I use Ubuntu because I like Debian and apt-get. So run:

#apt-get install syslog-ng

Running Syslog-ng gives you more than the standard syslog daemon.

3. Configure syslog-ng to recieve udp logs.

[email protected]:/# cd /etc/syslog-ng/
[email protected]:/etc/syslog-ng# vi syslog-ng.conf

side note: learn VI

Add this after the main source section:

source s_remote {
udp();
};

After the destinations:

destination df_remote { file(“/var/log/remote.$HOST”); };

The $HOST will sort the logs by IP of the server.

And finally add this to the end of the syslog-ng.conf file:

log {
source(s_remote);
destination(df_remote);
};

Now Restart the syslog-ng service

[email protected]:/etc/syslog-ng# service syslog-ng restart

4. Make changes to the ESX syslog config. Thanks to Tooms.dk I have been using syslog-ng so much I needed to find the commands for standard syslog.

1. In the /etc/syslog.conf file add this line “*.* @172.16.0.202” without the ” and change the ip number to your syslog servers ip

2. Restart the syslog service with the command “service syslog restart”

3. Open the ESX server firewall with this command “esxcfg-firewall -o 514,udp,out,syslog” to allow syslog outgoing trafic

4. Tell the ESX firewall to reload the config with this command “esxcfg-firewall -l”

Now you can tail -r /var/log/remote.10.10.10.2 (or whatever your IP is).

2 Replies to “Central Syslog Host for ESX – Syslog-ng”

Leave a Reply

Your email address will not be published. Required fields are marked *