Configure Centralized Logging on ESXi 6 Hosts

In this post we will learn how to configure Esxi-6 hosts to send the logs to a centralized syslog server.

Purpose of configuring syslog server?

As per VMware KB-2003322

ESXi 5.0 and higher hosts run a syslog service (vmsyslogd) that provides a standard mechanism for logging messages from the VMkernel and other system components. By default in ESXi, these logs are placed on a local scratch volume or a ramdisk.

To preserve the logs further, ESXi can be configured to place these logs to an alternate storage location on disk and to send the logs across the network to a syslog server.

Retention, rotation, and splitting of logs received and managed by a syslog server are fully controlled by that syslog server. ESXi cannot configure or control log management on a remote syslog server.

How to configure Esxi hosts for centralized logging?

There are various ways to configure syslog settings on Esxi hosts. These includes:

1: Using esxcli command on Esxi host.

2: Using vSphere Web-Client.

3: Using vSphere Thick client.

4: Using PowerCli.

5: Using Host Profiles.

We will look individually on all available method one by one. Let’s get started.

Before configuring esxi hosts to send logs to syslog server, we need to have a syslog server in our environment. I have configured my syslog server on a CentOS 6 box following instructions illustrated here

I added additional 2 lines at the bottom of rsyslog.conf file so that all hosts should have their logs in their individual folder

Configuring Syslog Using esxcli utility

The command to configure syslog settings on Esxi hosts is esxcli system syslog config

Lets first see what are the available options with this command.

[root@esxi01:~] esxcli system syslog config set –help

With this command we have following options available:

Next is to retrieve the current syslog configuration.

As you can see Remote Host is currently set to none, which means there is no syslog server configured on Esxi host.

To set syslog server on host, we can use the below command

[root@esxi01:~] esxcli system syslog config set –loghost syslogsrv.alex.local

Next is to reload the syslog configuration

[root@esxi01:~] esxcli system syslog reload

Open the firewall ports for syslog on Esxi host

[root@esxi01:~] esxcli network firewall ruleset set -r syslog -e true

Test the connectivity to syslog server

[root@esxi01:~] nc -z syslogsrv.alex.local 514
Connection to syslogsrv.alex.local 514 port [tcp/shell] succeeded!

And that’s it. On checking /var/log/messages on my syslog server, I was able to see logs getting populated

Also i verified that under/var/log i have a folder for esxi01 host and it has all the log files from my host

Configuring syslog settings via Web-Client

To configure syslog on Esxi host via Web-Client, navigate to Host and Cluster and select Esxi host > Manage > Settings > Advanced System Settings and in search box type and verify value for

Also you can define following parameters:

  • True/False. Set to true will create individual directories per host (w/ host name) in the specified folder.
  • Max number of logs to keep locally. Does not effect the remote log server retention.
  • Max size (in KB) of each log file before it is rotated or rolled over.


If the value is empty, Edit the settings by clicking on the pencil icon and add the entry as shown below:


Open firewall posts for syslog server by Navigating to Security Profile and click on Edit button


Look for “syslog” rule and if the check box is not selected then select it and click “OK”


Under outgoing connections, verify syslog is now listing. If not then refresh web-client to see entry appears there or not.


Under Services, verify syslog server setting is listed as Running


Also verify syslog service startup policy is set to “Start and stop with host” if you want service to be persistent across host reboot.


Configuring Syslog via vSphere Thick Client

Select Esxi host and go to Configuration tab and select Advanced Settings. Locate Syslog and expand the settings and under global configuration verify if there is any entry for


If there are no settings present, enter a new one by adding udp://syslog-IP:514 and hit OK.


Under firewall settings, select the syslog service and hit OK.


Under Service Properties, verify Syslog Server is Running. if not select the service and click on Options button and set service policy to “Start and Stop with host” and start service.


Configuring syslog on Esxi hosts using PowerCli

1: Set the syslog server on all Esxi host using command


2: Open the firewall ports


3: Restart syslog service on all hosts


4: Confirm Esxi hosts syslog settings


Setting syslog via Host profile

Edit your Host Profile and expand Advanced Configuration Settings profile and locate setting. This is by default set to “Set the option to its default value”


Change the option to “Configure a fixed option” and provide the value of the option in formal protocol://syslogsrv-ip:port. Typically this is udp://syslogsrv-ip:514


Expand Security and Services profile and locate syslog. Checkmark the boxes under Ruleset.


Expand Service Configuration profile and add a sub-profile to it. Set service name as “vmsyslogd” and set service configuration to start and stop with host.


Save the host profile and navigate to Host and Cluster, select the cluster and check Esxi hosts for compliance. You will see your hosts as non-compliant if syslog server is not configured on hosts.

As expected one of my host was non-complaint with profile and was complaining about syslog settings not present on host.


I placed the host in MM and remediated it and things were back to green. Hosts were happy,cluster was also happy and compliant.


And that’s it. We have learnt 5 different ways in which hosts can be configured to send logs to a centralized syslog server. Happy syslogging!!!!

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable 🙂