Back in May of last year I wrote about how ESXi would stop sending syslog messages to remote syslog destinations if a remote syslog destination became unavailable. I would like to provide an exciting update to this story!
VMware released the following KB article: VMware ESXi 5.x host stops sending syslogs to remote server, which impacted the following versions of ESXi:
- UDP ESXi 5.0 and 5.0 update 1
- TCP ESXi 5.0.x and 5.1.x
With the release of ESXi 5.5, the syslog bug with TCP was fixed even though it is not documented in the release notes. The issue though is that plenty of people are still running ESXi 5.0.x and 5.1.x.
The workaround to the bug was to restart the syslog process on each ESXi host that was impacted. If you have Log Insight then you can use either the configure-esxi script (if running Log Insight 1.0 GA) or vSphere integration (if running Log Insight 1.5 GA) to automate this task for you… until now!
TCP bug fixes now available!
I am happy to announce that with the latest round of patches that were released by VMware, the TCP syslog bug has been backported and fixed:
- ESXi 5.0 patch 7
The ESXi 5.x host stops sending syslog messages to remote log server when the network connection to the remote log server is interrupted. This occurs when you use TCP or SSL to configure the syslog server. However, the host does not automatically resume remote logging after the network connection is restored.
- ESXi 5.1 update 2
TCP, SSL remote logging does not restart automatically after a network interruption
VMware ESXi 5.x host configured with TCP/SSL remote syslog stops sending syslogs to remote log server when the network connection to the remote log server is interrupted and restored.
This issue is resolved by adding a Default Network Retry Timeout and the host retries to send syslog after Default Network Retry Timeout. The default value of Default Network Retry Timeout is 180 seconds. The command esxcli system syslog config set –default-timeout= can be used to change the default value.
This issue is resolved in this release.
© 2014, Steve Flanders. All rights reserved.