KIWI Syslog server to collect ESXi logs.
In my article about configuring vMA as a destination for the log files of ESXi hosts, I explained how to put in place a solution provided by VMware to collect those log files. Andy Grant, who did a nice guest post, goes even further, adding the possibility of using Splunk to present those logs in a better manner than through the vMA.
There is another way to collect the logs of your ESXi host. You can use Kiwi Syslog Server – free version. You can install it on your management workstation or directly on vCenter if you want. It's easy to set up.
The product is compatible with several Windows systems – Microsoft Windows Server 2008 R2, but also Windows 2003/XP/Vista/2008/2008R2/7.
During the installation process the application checks the prerequisites and downloads those which are missing on your system. When the download has finished, those applications launch their installation programs one after another. Pretty convenient.
The download actually contains 2 files: the Solarwinds Syslog server and the Kiwi Syslog forwarder (as a trial). For my purpose I used only the Syslog server.
The setup is fairly easy. There is nothing to do on the Syslog server itself, but to start receiving the messages from your ESX(i) hosts, you must tell your ESXi where to send those messages.
Basically the steps are as follows:
01. Select your ESXi host
02. Click Configuration > Advanced Settings > Syslog
03. Enter the IP address of your Syslog server (in my case the Free Syslog server is installed on the same machine as my vCenter).
04. At the same time, change the location of the files.
In the Syslog.Local.DatastorePath text box, enter the datastore path to the file where syslog will log messages. The datastore path should be of the form [datastorename] path_to_file, where the path is relative to the root of the volume backing the datastore.
Make sure that the directory has been created beforehand. In my case I just used the datastore browser to create that directory – logs – on my datastore called NAS.
In my case: datastore path in [datastorename] path_to_file format:
[NAS]/logs/esxi4-01.log
In this example, the datastore path [NAS]/logs would map to the path /vmfs/volumes/NAS/var/log/messages. If no path is specified, the default path is /var/log/messages.
After the messages and the IP address have been set up, you should immediately start to receive the messages coming from your ESXi server.
With that said, it is super fast and super easy to start receiving syslog messages from your ESXi server.
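If nothing shows up, a quick way to check whether each host is really sending is to listen on the syslog port yourself and compare the senders against the hosts you configured. The script below is an added example, not part of the original article or of Kiwi Syslog Server; it assumes the default syslog port (UDP 514), and the function names and IP addresses are made up for illustration.

```python
import re
import socket

# Facility and severity names by number, as listed in RFC 3164.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram):
    """Decode the <PRI> header; return None if the datagram is not syslog."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    pri = int(m.group(1))
    return {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "message": datagram[m.end():].decode("utf-8", errors="replace").strip(),
    }

def check_sources(received, expected_hosts):
    """Return (silent_hosts, unexpected_senders) for (source_ip, datagram) pairs."""
    seen = {ip for ip, data in received if parse_pri(data) is not None}
    expected = set(expected_hosts)
    return sorted(expected - seen), sorted(seen - expected)

def listen(bind_ip="0.0.0.0", port=514, count=20, timeout=30.0):
    """Collect up to `count` UDP datagrams as (source_ip, bytes) pairs."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        sock.settimeout(timeout)
        try:
            while len(received) < count:
                data, (ip, _port) = sock.recvfrom(8192)
                received.append((ip, data))
        except socket.timeout:
            pass  # quiet network: report on whatever arrived
    return received

if __name__ == "__main__":
    # Constructed addresses; replace with your ESXi management IPs.
    silent, unexpected = check_sources(listen(), ["192.0.2.11", "192.0.2.12"])
    print("no messages from:", silent, "| unexpected senders:", unexpected)
```

Binding UDP 514 fails while the Syslog server is running on the same machine, so stop its service for the duration of the check or run the script on another machine and point one host at it.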
Enjoy… -:)
Source: Enabling syslog on ESXi