The log filtering capability lets you modify the logging policy of the syslog service that is running on an ESXi host. You can create log filters to reduce the number of repetitive entries in the ESXi logs and to denylist specific log events entirely.
Log filters affect all log events that are processed by the ESXi host vmsyslogd daemon, whether they are recorded to a log directory or to a remote syslog server.
- Log in to the ESXi Shell as root.
- In the /etc/vmware/logfilters file, add the following entry to create a log filter.
numLogs | ident | logRegexpwhere:
For example, to set a limit of maximum two-log entries from the hostd component for messages that resemble the SOCKET connect failed, error 2: No such file or directory phrase with any error number, add the following entry:
- numLogs sets the maximum number of log entries for the specified log messages. After reaching this number, the specified log messages are filtered and ignored. Use 0 to filter and ignore all the specified log messages.
- ident specifies one or more system components to apply the filter to the log messages that these components generate. For information about the system components that generate log messages, see the values of the idents parameters in the syslog configuration files. The files are located in the /etc/vmsyslog.conf.d directory. Use a comma-separated list to apply a filter to more than one system component. Use * to apply a filter to all system components.
- logRegexp specifies a case-sensitive phrase with Python regular expression syntax to filter the log messages by their content.
2 | hostd | SOCKET connect failed, error .*: No such file or directoryNote: A line starting with
#denotes a comment and the rest of the line is ignored.
- In the /etc/vmsyslog.conf file, add the following entry to enable the log filtering capability.
enable_logfilters = true
- Run the esxcli system syslog reload command to reload the syslog daemon and apply the configuration changes.