0.) SSH to the CentOS 7 server and log in as the root user.
1.) Open port 514 on CentOS 7. (We will use UDP for syslog.)
# firewall-cmd --add-port=514/udp
# firewall-cmd --add-port=514/udp --permanent
2.) Edit /etc/rsyslog.conf and uncomment the following 2 lines:
# vim /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
3.) Restart the rsyslog service (the daemon is rsyslogd, but the systemd unit on CentOS 7 is named rsyslog)
# systemctl restart rsyslog
4.) SSH to the ESXi server with root credentials
5.) Check if syslog is enabled in the firewall ruleset, and enable it if it is not
# esxcli network firewall ruleset list | grep syslog
syslog false
# esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
# esxcli network firewall refresh
# esxcli network firewall ruleset list | grep syslog
syslog true
7.) Configure the central syslog server IP address
# esxcli system syslog config set --loghost='udp://172.30.0.40:514'
# esxcli system syslog reload
8.) Send a message to the vmkernel log to check if it is received by the central syslog server:
# esxcli system syslog mark -s "VMware LOG !!"
9.) On the CentOS 7 server you can check the messages log to see if the message was received.
# tailf /var/log/messages
10.) To troubleshoot potential issues you can use the tcpdump tool
On ESXi run: # tcpdump-uw -vv -i vmk0 dst 172.30.0.40
On CentOS 7 run: # tcpdump -n -i eno33557248 port 514
You can monitor if the messages are sent and received.
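If the test message from step 8 never shows up, it is worth confirming that the two lines from step 2 are really active before reaching for tcpdump. The function below is an added example, not part of the original post; the name check_udp_listener and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: confirm that an rsyslog config
# really enables UDP reception (step 2). Recognises the legacy directives the
# post uses and the single-line module()/input() form; statements split
# across several lines are not parsed.

# check_udp_listener CONF [PORT]
# Returns 0 if imudp is loaded and PORT is bound, 1 if either is missing or
# commented out, 2 if CONF cannot be read.
check_udp_listener() {
    conf=$1
    port=${2:-514}
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    # Keep only active lines so that "#$ModLoad imudp" does not count.
    active=$(grep -Ev '^[[:space:]]*(#|$)' "$conf" || true)

    loaded=no
    listening=no
    if printf '%s\n' "$active" | grep -Eq \
        '^[[:space:]]*\$ModLoad[[:space:]]+imudp([[:space:]]|$)|module\(.*load="imudp"'
    then loaded=yes; fi

    # Legacy form: $UDPServerRun <port>
    if printf '%s\n' "$active" | grep -Eq \
        "^[[:space:]]*\\\$UDPServerRun[[:space:]]+$port([[:space:]]|\$)"
    then listening=yes; fi
    # Newer form: input(type="imudp" port="<port>"), attributes in any order
    if printf '%s\n' "$active" | grep -F 'type="imudp"' |
        grep -Eq "input\\(.*port=\"$port\""
    then listening=yes; fi

    echo "imudp loaded: $loaded, udp/$port listener: $listening"
    [ "$loaded" = yes ] && [ "$listening" = yes ]
}

# Constructed sample: the config as it looks before step 2 is done.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
EOF
check_udp_listener "$sample" || echo "listener disabled: uncomment both lines"
rm -f "$sample"
```

On the server itself, call it as check_udp_listener /etc/rsyslog.conf; files pulled in through an include directive are not followed.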
The end.