The log filtering capability lets you modify the logging policy of the syslog service that is running on an ESXi host. You can create log filters to reduce the number of repetitive entries in the ESXi logs and to denylist specific log events entirely.

Starting with vSphere 7.0 Update 2, you to add logfilters and enable logfitering by using ESXCLI.

Log filters affect all log events that are processed by the ESXi host vmsyslogd service, whether they are recorded to a log directory or to a remote syslog server.

When you create a log filter, you set a maximum number of log entries for the log messages. Log messages are generated by one or more specified system components that match a specified phrase. You must enable the log filtering capability and reload the syslog daemon to activate the log filters on the ESXi host.
Important: Setting a limit to the amount of logging information restricts your ability to troubleshoot potential system failures properly. If a log rotate occurs after the maximum number of log entries is reached, you might lose all instances of a filtered message.

Prerequisites

Install ESXCLI. See Getting Started with ESXCLI. For troubleshooting, run esxcli commands in the ESXi Shell.

Procedure

  1. To get to the ESXCLI system syslog config logfilter, run a command such as:
    [root@xxx-xx-dhcp-xx-xx:~] esxcli system syslog config logfilter

    ESXCLI commands to configure logfilters follow this pattern: esxcli system syslog config logfilter {cmd} [cmd options]

  2. To get to the ESXCLI system syslog config logfilter, run a command such as:
    [root@xxx-xx-dhcp-xx-xx:~] esxcli system syslog config logfilter