ESXi hosts or vSphere Appliance instances generate unstructured log data that can be analyzed in VMware Aria Operations for Logs (SaaS).

You use the VMware Aria Operations for Logs (SaaS) interface to configure ESXi hosts on a registered vCenter Server to push syslog data to VMware Aria Operations for Logs (SaaS).
Caution: Running parallel configuration tasks might result in incorrect syslog settings on the target ESXi hosts. Verify that no other administrator is configuring the ESXi hosts that you intend to configure.

For information about filtering syslog messages on ESXi hosts before messages are sent to VMware Aria Operations for Logs (SaaS), see Configure Log Filtering on ESXi Hosts in the VMware ESXi Installation and Setup guide.

For information about configuring syslog feeds from a vCenter Server Appliance, see Configuring the vCenter Server to Forward Log Events to VMware Aria Operations for Logs (SaaS).

Note: VMware Aria Operations for Logs (SaaS) can receive syslog data from ESXi hosts version 6.x and later.


  • Verify that the vCenter Server that manages the ESXi host is registered with your VMware Aria Operations for Logs (SaaS) service. Or, you can register the ESXi host and configure vCenter Server in a single operation.
  • Verify that you have user credentials with enough privileges to configure syslog on ESXi hosts.
    • Host.Configuration.Advanced settings
    • Host.Configuration.Security profile and firewall
    Note: You must configure the permission on the top-level folder within the vCenter Server inventory, and verify that the Propagate to children check box is selected.
  • Verify that you are logged in to the VMware Aria Operations for Logs (SaaS) web user interface as an administrator.


  1. Click the two arrows icon in the upper-left corner of the screen to expand the main menu.
  2. Navigate to Configuration > vSphere Integration.
  3. Locate the vCenter Server instance that manages the ESXi host from which you want to receive syslog feeds, and click the instance.
  4. Select the Configure ESXi hosts to send logs to Operations for Logs (SaaS) check box.

    By default, VMware Aria Operations for Logs (SaaS) configures all reachable ESXi hosts of version 6.x and later to send their logs through UDP. ESX is not supported, and existing syslog targets on these hosts are not removed.

  5. (Optional) To modify the default configuration values, click Advanced Options. The ESXi hosts are listed with additional information such as host name, version, build, and whether they have been configured.
    Do the following:
    1. Select the Automatic or Manual option to configure hosts. If you select Automatic and then configure all the hosts, new hosts are automatically configured when added. If you select Manual and then configure all the hosts, you have to configure new hosts manually when added.
    2. Optionally, select TCP or SSL as the protocol to send logs.
      • The transmission speed with SSL is lower than TCP.
      • If the protocol is SSL, ESXi hosts do not accept the log forwarder’s certificates automatically. Ensure that you add the log forwarder’s self-signed certificate to the ESXi host’s truststore. For more information, see Add a Log Forwarder Certificate to an ESXi Host Truststore.
    3. Select one or more hosts and click Configure. If you configure all the hosts, newly added hosts are configured automatically or need manual configuration, based on your selection.
      You can also undo host configurations by clicking Unconfigure.
  6. Click Save.

What to do next

The ESXi host configurations are shown in the ESXi hosts configured column of the vCenter Server table. If the hosts are configured, you can click View details to view detailed information for the configured ESXi hosts.