Many VMware products offer remote syslog functionality, but some do not include all the logs that you may care about. In addition, some VMware products do not support remote syslog (e.g. products such as vCenter Server that run on Windows, because Windows does not natively support syslog – more on this in a later post). If you are looking to collect logs from VMware products, it is important to understand where the log files are located. Below you will find the appropriate log locations for many VMware products. A big thanks to my colleague Michael White for putting together this list and in particular the vCAC information!
- ESXi (for 4.x and greater, if running vCenter Log Insight, use configure-esxi!)
  - 3.5 and 4.x – http://kb.vmware.com/kb/1016621
  - 5.x – http://kb.vmware.com/kb/2003322
- vCenter Server Appliance (VCSA) – http://www.virtuallyghetto.com/2012/08/forwarding-vcenter-server-logs-to.html
- vCloud Automation Center (vCAC)
  - Server – %programfiles(x86)%\VMware\vCAC\Server\Logs
  - DEM Worker – %programfiles(x86)%\VMware\vCAC\Distributed Execution Manager\DEMWorker\Logs
  - DEM Orchestrator – %programfiles(x86)%\VMware\vCAC\Distributed Execution Manager\DEMOrch\Logs
  - Agent vSphere – %programfiles(x86)%\VMware\vCAC\Agents\vSphere-Agent-01\logs
- vCloud Director (vCD) – http://kb.vmware.com/kb/2004564
- vCloud Network and Security (vCNS) – http://blogs.vmware.com/vsphere/2013/02/configuring-syslog-servers-and-logging-in-vcloud-networking-and-security-5-1.html
- Some other VMware products – http://kb.vmware.com/kb/1021806
  - Note on View – In View 5.2 you can configure it to send remote syslog, but this will ONLY send events. If you want all View server logs then follow the KB above.
Also, be sure to check out this link from William Lam for a great script and some additional log locations: http://www.virtuallyghetto.com/2013/06/forwarding-logs-from-vcloud-suite-to.html
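Where a product only writes log files, as with the vCAC components on Windows listed above, the directories can be polled and new lines sent to a syslog collector. The following is an added example, not code from this post, from VMware or from William Lam's script; the `*.log` file pattern, the APP-NAME labels, the local0.info priority and the collector address are assumptions.

```python
import glob
import os
import socket
from datetime import datetime, timezone

# vCAC log directories from the list above; the keys (syslog APP-NAME values)
# and the "*.log" file pattern used below are assumptions of this example.
VCAC_LOG_DIRS = {
    "vcac-server": r"%programfiles(x86)%\VMware\vCAC\Server\Logs",
    "vcac-demworker": r"%programfiles(x86)%\VMware\vCAC\Distributed Execution Manager\DEMWorker\Logs",
    "vcac-demorch": r"%programfiles(x86)%\VMware\vCAC\Distributed Execution Manager\DEMOrch\Logs",
    "vcac-agent": r"%programfiles(x86)%\VMware\vCAC\Agents\vSphere-Agent-01\logs",
}

def rfc5424(line, app, host, facility=16, severity=6, now=None):
    """Frame one line as RFC 5424 (default PRI 134 = local0.info; PROCID, MSGID, SD are nil)."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    return f"<{facility * 8 + severity}>1 {ts} {host} {app} - - - {line}".encode("utf-8")

def read_new_lines(path, offsets):
    """Return complete lines appended to path since the last poll (offsets: path -> byte position)."""
    start = offsets.get(path, 0)
    if os.path.getsize(path) < start:  # file truncated or replaced: read from the top
        start = 0
    with open(path, "rb") as fh:
        fh.seek(start)
        data = fh.read()
    end = data.rfind(b"\n") + 1        # a partial last line waits for the next poll
    offsets[path] = start + end
    return [r.decode("utf-8", "replace").rstrip("\r") for r in data[:end].split(b"\n") if r.strip()]

def forward_once(log_dirs, offsets, send, host=None):
    """Poll each directory once, pass every new line to send() as syslog; return the count."""
    host = host or socket.gethostname()
    sent = 0
    for app, directory in log_dirs.items():
        for path in sorted(glob.glob(os.path.join(os.path.expandvars(directory), "*.log"))):
            for line in read_new_lines(path, offsets):
                send(rfc5424(line, app, host))
                sent += 1
    return sent

if __name__ == "__main__":
    import time
    collector = ("192.0.2.10", 514)    # placeholder address; replace with your syslog server
    offsets, sock = {}, socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        forward_once(VCAC_LOG_DIRS, offsets, lambda msg: sock.sendto(msg, collector))
        time.sleep(5)
```

The offsets live in memory only, so a restart re-sends each file from the beginning; persist them if duplicates matter at the collector.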
© 2013, Steve Flanders. All rights reserved.
3 comments on “Configure Remote Syslog on VMware Products”
Thank you for your blog. I work for a company that has a proprietary Linux-based monitoring solution. We have historically monitored Cisco IPT applications and have added Cisco UCS and vSphere to the mix as well.
My question concerns syslog “levels” which is in most applications a simple drop down option to make your selection.
You referenced some good VMware articles that review the steps to configure syslog on ESXi. I’m familiar with those docs and every time I come across them I wonder why they don’t cover where you set the syslog “level”.
Off the top of my head – within the vSphere client, I know there is a Configuration>>Advanced Software setting that allows you to select vpxa and vpxa logging levels. Is this essentially equivalent to setting the “syslog level”?
Thank you for your reply!
Hey Amir — Yes, that would adjust the verbosity level, but again I would strongly advise against this 🙂 The level should not be changed unless VMware Support requests it be changed.
I work for a large Cisco remote managed service provider. Our clients are large national / global enterprises. With that, we have a massive amount of SNMP, syslog, API data pointed at our monitoring platform sitting at client sites. If we don’t tune the various devices at the source, we would have to rely simply on filtering them after they have arrived at our monitoring appliance. As such, for all the platforms we manage, we always tune down syslog to WARNING.
I have a case open with VMware support because lowering the logger settings in the C# client is not taking effect – even after restarting the management services.
The only way I have been able to actually reduce the logging levels is by editing the default logging level in each respective config.xml file. That simply isn’t practical when just one of our clients has 35 stations across the nations and each station has 4-6 hosts.
Thank you and look forward to gleaning some more insight from your blogs!