If logs are not received by the remote log server, perform the following steps.

  • Verify the remote log server's IP address.

  • Verify that the level parameter is configured correctly.

  • Verify that the facility parameter is configured correctly.

  • If the protocol is TLS, set the protocol to UDP to see if there is a certificate mismatch.

  • If the protocol is TLS, verify that port 6514 is open on both ends.

  • Remove the message ID filter and see if logs are received by the server.

  • Restart the rsyslog service with the command restart service rsyslogd.

A sample rsyslog configuration file (/etc/rsyslog.conf):

### rsyslog config file. Customized by VMware.
### Do not edit this file by hand. Use the API to make changes.
$PreserveFQDN on
$ModLoad imklog
$ModLoad immark
module(load="imuxsock" sysSock.useSpecialParser="off")
$RepeatedMsgReduction on
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format
$IncludeConfig /etc/rsyslog.d/*.conf
$template RFC5424fmt,"<%PRI%>1 %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
$WorkDirectory /var/spool/rsyslog
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
$PrivDropToUser syslog
$ActionQueueType LinkedList  # nsx exporter: e7347687-8be7-4519-a8e1-73c5192c9b43
*.info @1.2.3.4:514;RFC5424fmt  # nsx exporter: e7347687-8be7-4519-a8e1-73c5192c9b43