ESXi hosts or vCenter Server Appliance instances generate unstructured log data that can be analyzed in vRealize Log Insight.

About this task

You use the vRealize Log Insight Administration interface to configure ESXi hosts on a registered vCenter Server to push syslog data to vRealize Log Insight.

Caution:

Running parallel configuration tasks might result in incorrect syslog settings on the target ESXi hosts. Verify that no other administrative user is configuring the ESXi hosts that you intend to configure.

A vRealize Log Insight cluster can use an integrated load balancer to distribute ESXi and vCenter Server Appliance syslog feeds between the individual nodes of the cluster.

For information on filtering syslog messages on ESXi hosts before messages are sent to vRealize Log Insight, see the Configure Log Filtering on ESXi Hosts topic in the Setting Up ESXi section, of the vSphere Installation and Setup guide.

For information on configuring syslog feeds from a vCenter Server Appliance, see Configure vCenter Server to Forward Log Events to vRealize Log Insight.

Note:

vRealize Log Insight can receive syslog data from ESXi hosts version 5.5 and later.

Prerequisites

  • Verify that the vCenter Server that manages the ESXi host is registered with your vRealize Log Insight instance. Or, you can register the ESXi host and configure vCenter Server in a single operation.

  • Verify that you have user credentials with enough privileges to configure syslog on ESXi hosts.

    • Host > Configuration > Advanced settings

    • Host > Configuration > Security profile and firewall

    Note:

    You must configure the permission on the top-level folder within the vCenter Server inventory, and verify that the Propagate to children check box is selected.

Procedure

  1. Click the configuration drop-down menu icon and select Administration.
  2. Under Integration, click vSphere.
  3. Locate the vCenter Server instance that manages the ESXi host from which you want to receive syslog feeds.
  4. Select the Configure ESXi hosts to send logs to Log Insight check box.

    By default, vRealize Log Insight configures all reachable ESXi hosts of version 5.5 and later to send their logs through UDP.

  5. (Optional) : To modify the default configuration values, click Advanced Options.
    • To change the protocol for all ESXi hosts, select Configure all ESXi hosts, select a protocol, and click OK.

    • To set up specific ESX hosts logging only or to change the protocol for selected ESXi hosts, use the following steps:

      1. Select Configure specific ESXi hosts.

      2. Select one or more hosts from the Filter by host list.

      3. Set protocol value.

      4. Click OK.

  6. (Optional) : If you are using clusters, open the drop-down menu for the Target text box and select the hostname or IP address for the load balancer that distributes syslog feeds.
  7. Click Save.