ESXi hosts or vCenter Server Appliance instances generate unstructured log data that can be analyzed in VMware Aria Operations for Logs.

You use the VMware Aria Operations for Logs Integration interface to configure ESXi hosts on a registered vCenter Server to push syslog data to VMware Aria Operations for Logs.
Caution: Running parallel configuration tasks might result in incorrect syslog settings on the target ESXi hosts. Verify that no other user is configuring the ESXi hosts that you intend to configure.

A VMware Aria Operations for Logs cluster can use an integrated load balancer to distribute ESXi and vCenter Server Appliance syslog feeds between the individual nodes of the cluster.

For information on filtering syslog messages on ESXi hosts before the messages are sent to VMware Aria Operations for Logs, see the Configure Log Filtering on ESXi Hosts topic in the Setting Up ESXi section of the vSphere Installation and Setup guide.

For information on configuring syslog feeds from a vCenter Server Appliance, see Configure vCenter Server to Forward Log Events to VMware Aria Operations for Logs.

Note: VMware Aria Operations for Logs can receive syslog data from ESXi hosts version 5.5 and later.

Prerequisites

  • Verify that the vCenter Server that manages the ESXi host is registered with your VMware Aria Operations for Logs instance. Alternatively, you can register the ESXi host and configure vCenter Server in a single operation.
  • Verify that you have user credentials with enough privileges to configure syslog on ESXi hosts.
    • Host.Configuration.Advanced settings
    • Host.Configuration.Security profile and firewall
    Note: You must configure the permission on the top-level folder within the vCenter Server inventory, and verify that the Propagate to children check box is selected.

Procedure

  1. Expand the main menu and navigate to Integration > vSphere.
  2. In the vCenter Server table, locate the vCenter Server instance that manages the ESXi host from which you want to receive syslog feeds and click Edit.
  3. Select the Configure ESXi hosts to send logs to Operations for Logs check box in the opened edit view.

    By default, VMware Aria Operations for Logs configures all reachable ESXi hosts of version 5.5 and later to send their logs through UDP.

  4. (Optional) To modify the default configuration values, click Advanced Options.
    • To change the protocol for all ESXi hosts, select Configure all ESXi hosts, select a protocol, and click OK.
    • To set up logging for specific ESXi hosts only, or to change the protocol for selected ESXi hosts, use the following steps:
      1. Select Configure specific ESXi hosts.
      2. Select one or more hosts from the Filter by host list.
      3. Select the syslog protocol.
        Note: If you select SSL as your syslog protocol, you must manually download the VMware Aria Operations for Logs certificate and add it to the ESXi certificate store for each ESXi host you configure in step 4b.
      4. Click OK.
  5. (Optional) If you are using clusters, open the drop-down menu for the Target text box and select the hostname or IP address for the load balancer that distributes syslog feeds.
  6. Click Save.

What to do next

The ESXi host configurations are shown in the ESXi hosts configured column of the vCenter Server table. If the hosts are configured, you can click View details in the hosts configured column to view detailed information for the configured ESXi hosts.
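
To confirm that each host ended up with the intended target and protocol (the default is UDP, and SSL must be selected explicitly), the following check can be run over the syslog targets collected from the hosts. It is an added example, not part of the VMware documentation; it assumes the targets are read from the ESXi advanced setting Syslog.global.logHost, and the host names and values shown are constructed sample data.

```python
from urllib.parse import urlsplit

def parse_loghost(value):
    """Split a Syslog.global.logHost value into (protocol, host, port) tuples."""
    targets = []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue
        if "://" not in item:
            item = "udp://" + item  # no protocol prefix means UDP, the ESXi default
        parts = urlsplit(item)
        targets.append((parts.scheme.lower(), (parts.hostname or "").lower(), parts.port))
    return targets

def audit_host(name, loghost, expected_target, expected_proto):
    """Return findings for one host; an empty list means it matches the intent."""
    findings = []
    matches = [t for t in parse_loghost(loghost) if t[1] == expected_target.lower()]
    if not matches:
        findings.append(f"{name}: no syslog target pointing at {expected_target}")
    for proto, host, _port in matches:
        if proto != expected_proto:
            findings.append(f"{name}: sends to {host} over {proto}, expected {expected_proto}")
    if len(matches) > 1:
        findings.append(f"{name}: {len(matches)} entries for {expected_target}")
    return findings

def audit_all(inventory, expected_target, expected_proto):
    """Audit every host in a {host name: logHost value} mapping."""
    return {name: audit_host(name, value, expected_target, expected_proto)
            for name, value in inventory.items()}

# Constructed sample data: host name -> Syslog.global.logHost value.
SAMPLE = {
    "esx01.example.test": "ssl://logs-lb.example.test:1514",
    "esx02.example.test": "udp://logs-lb.example.test:514",
    "esx03.example.test": "udp://old-collector.example.test:514",
    "esx04.example.test": "udp://logs-lb.example.test:514,ssl://logs-lb.example.test:1514",
}

if __name__ == "__main__":
    # Assumed intent: every host sends to the load balancer over SSL.
    for host, findings in audit_all(SAMPLE, "logs-lb.example.test", "ssl").items():
        print(host, "OK" if not findings else findings)
```

A host that still lists an old collector, or that carries both a UDP and an SSL entry for the same target, shows up as a finding and can be reconfigured from the Integration > vSphere page.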