An assortment of indigestible things

Getting ESXi 5.0 to use a remote syslog server

I just had a quick call with a very helpful VMware support guy about this. I’ve just upgraded my ESXi boxes from 4.1 to 5.0, but I wasn’t getting any messages at my remote syslog server any more. Here’s a quick guide to making it work.

First, set your syslog server on the ESXi hosts. You can either do this in vCenter, in Configuration -> Advanced settings, or on the command line:

esxcli system syslog config set --loghost='udp://syslog-server:514'
esxcli system syslog reload

(Using a bare hostname seems to work just as well, but the example given in the vCenter configuration window suggests the syntax above. Obviously, use your own hostname or IP address instead of ‘syslog-server’ :-))

Then you need to enable the ESXi firewall ruleset so that syslog packets are allowed out of the box (this is what was missing on my upgraded ESXi 5.0 hosts). I don’t know how to do this in vCenter, but the commands are:

esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
esxcli network firewall refresh

My hosts started syslogging immediately after the first command, so the second one may not be strictly necessary.

If you want to use the command line, remember that you have to enable the SSH service for each host (under ‘Security Profile’ in vCenter). Don’t forget to switch it off afterwards.

Pretty much the same information is available in this KB article, but without the pretty picture and the sarcasm.
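To check a host for the situation described above (loghost configured, but the 'syslog' firewall ruleset still disabled), here is an added example that is not part of the original post or of VMware's tooling. It parses the output of `esxcli system syslog config get` and `esxcli network firewall ruleset list`; the `sample_esxcli` stub, the `ESXCLI` and `SAMPLE_SYSLOG_RULESET` variables and the sample output are constructed for this example, so check the field labels against your own build.

```shell
#!/bin/sh
# Added example (not from the original post): check an ESXi host for the
# failure described above: loghost set, but 'syslog' firewall ruleset disabled.
# ESXCLI is overridable so the logic can be exercised off-host (assumption).
ESXCLI="${ESXCLI:-esxcli}"

# Constructed sample output modelled on an upgraded 5.0 host, for offline runs.
sample_esxcli() {
    case "$*" in
    "system syslog config get")
        printf '   Log Output: /scratch/log\n   Remote Host: udp://syslog-server:514\n' ;;
    "network firewall ruleset list")
        printf 'Name       Enabled\n---------  -------\nsshServer     true\nsyslog    %s\n' \
            "${SAMPLE_SYSLOG_RULESET:-false}" ;;
    esac
}

# Print the configured remote loghost; print nothing when it is unset.
syslog_loghost() {
    $ESXCLI system syslog config get |
        sed -n 's/^[[:space:]]*Remote Host:[[:space:]]*//p' |
        sed '/^<none>$/d'
}

# Exit 0 only if the named firewall ruleset is listed with Enabled = true.
ruleset_enabled() {
    $ESXCLI network firewall ruleset list |
        awk -v r="$1" '$1 == r && $2 == "true" { ok = 1 } END { exit !ok }'
}

# 0 = forwarding can work, 1 = no loghost, 2 = loghost set but firewall closed.
audit_syslog() {
    host=$(syslog_loghost)
    if [ -z "$host" ]; then
        echo "FAIL: no remote loghost configured"
        return 1
    fi
    if ! ruleset_enabled syslog; then
        echo "FAIL: loghost $host is set but the 'syslog' ruleset is disabled"
        return 2
    fi
    echo "OK: loghost $host, 'syslog' ruleset enabled"
}

# Run the check only when asked, e.g. `sh check.sh audit` on the host.
if [ "${1:-}" = "audit" ]; then audit_syslog; fi
```

Setting `ESXCLI=sample_esxcli` before calling `audit_syslog` runs the same logic against the constructed output instead of a live host.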




  1. Glad you got this worked out — note that if you configure either CIM Indications or SNMP traps — both these subsystems will automatically poke a hole in the firewall so one doesn’t have to make a support call wondering.

    /vmfs/volumes # esxcli network firewall ruleset rule list | grep dynamicruleset

    dynamicruleset Outbound TCP Dst 49152 49152
    dynamicruleset Outbound UDP Dst 1162 1162

  2. If you haven’t found it already: to perform the firewall change in vCenter, click on the desired host, then click the configuration tab. In the ‘Software’ box click the link that says ‘Security Profile’. There you can change firewall settings.

    • flup

      Thanks mate! I don’t use VMware stuff any more, but I’m sure many others will find your comment useful.

  3. Adnan

    excellent and to the point post… thanks a lot…

  4. Carlo

    This article helped me very much. Thank you!

  5. Eric


    I see this is a pretty old topic but maybe you can help me. I have my esxi servers forwarding data to a syslog server but I want to limit which logs are sent. I don’t want all the logs in /scratch/log forwarded, just specific ones. Is there a way to configure this function? I haven’t been able to find one through all my searching. Tks in advance.

    • Ian Chard

      I don’t run vmware systems any more but I’ll leave this here in case others can help you.
