Cloud Lab-6 : How to Install and Configure VCenter Log Insight (Syslog) Server (Part 2)

LAB-6 TASKS (Part 2)

In this Lab we will perform following tasks

  1. Configure a ESXi Host for Syslog
  2. Configure a whole VCenter for Syslog
  3. Verify Configured ESXi Host or Configure manually
  4. Some useful Log Insight commands

1-Configure a ESXi Host for Syslog

VMware Log Insight comes with a script to help configure ESXi hosts to use the appliance as a syslog server. The “configure-esxi” script can be used to remotely configure the syslog settings of your hosts from the appliance itself:

To configure the single hosts. Run following command in syslog appliance console.

# configure-esxi -u root -s 10.10.6.228  -t 10.10.6.79

Where:

 -u (ESXi user name), -s (Source ESXi Host), -t (target, Syslog Server)

Cloud-Lab5-syslog25

NOTE: For see help of “configure-esxi” command you may run following cmd.
# configure-esxi –help

2-Configure a whole VCenter for Syslog

Configure vCenter does not mean to send vCenter logs into the syslog server .its mean all ESXi host in the vCenter are automatically configured.

To configure the all hosts in the vCenter run following command in syslog appliance console

#configure-esxi -u administrator@vsphere.local -s vc-mgmt.vmlab.com -t cloud-syslog.vmlab.com

Where:

 -u (vCenter user name), -s (Source vCenter Server), -t (target, Syslog Server)

Cloud-Lab5-syslog26

3-Verify Configured ESXi Host or Configure manually

Go to ESXi hosts “Advanced System Settings” option and set or verify the “Syslog.global.logHost” option to point to your syslog server as shown below.

Cloud-Lab5-syslog27

NOTE: in case if you configured your ESXi server for syslog manually you should open firewall port 514 outbound in your ESXi Server

Log Insight can use Syslog through UDP/TCP on port 514 and TCP on port 1514 (SSL).

Once we configure a device to send logs to Log Insight or enable vCenter Server integration, the web UI will become populated with data.

Cloud-Lab5-syslog28

To see the log click on interactive analytics button as highlighted

Cloud-Lab5-syslog29

Here is your log explore 

Cloud-Lab5-syslog30

4-Some useful Log Insight commands

To remove syslog

 For ESX

# configure-esxi -u root -s esxi-1-rg.vmlab.com –x cloud-syslog.vmlab.com

For all hosts in a VCenter

# configure-esxi -u administrator@vsphere.local -s mgmt-vc.vmlab.com com –x cloud-syslog.vmlab.com

Where:

-u = specify the user

-s = soruce hosts

-x = remove flag

 Query Current logged Hosts

For ESXi

# configure-esxi -u root -s esxi-1-rg.vmlab.com -q

For vCenter

# configure-esxi -u administrator@vsphere.local -s mgmt-vc.vmlab.com -q

Where:

-u = specify the user

-s = soruce hosts

-q = query

Restrict a query to Specific hosts in a VCenter

You can specify the “-h” flag to restrict the ESXi hosts on a vCenter Server instance to perform operations against#

# configure-esxi -u administrator@vsphere.local -s vc-mgmt.vmlab.com -h esxi-1-rg.vmlab.com, esxi-2-rg.vmlab.com -q

Where:

-u = specify the user

-s = soruce hosts

-h=list of hosts

-q = query

 Reload Syslog Configuration

You can reload the syslog configuration on an ESXi hosts

# configure-esxi -u root -s vc-mgmt.vmlab.com  -h esxi-1-rg.vmlab.com,esxi-2-rg.vmlab.com -r

 Where:

-u = specify the user

-s = soruce hosts

-h=list of hosts

-r = reload

 

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s