Centralized ESXi Logs: Quick Guide to Syslog Configuration (WebUI & CLI)

Configuring syslog on your ESXi host is essential for centralized logging and efficient monitoring. Having your logs centrally managed simplifies troubleshooting and helps with compliance and security audits. Below you’ll find an easy-to-follow guide for setting up syslog both via the WebUI and CLI. Don’t forget to verify connectivity and regularly check your centralized logs for effective monitoring.

Configure Syslog Service (vmsyslogd) on ESXi for Remote Logging

1. Configure Syslog Using the vSphere Client

Log in to the vSphere Client and select your ESXi host.

  • Navigate to the Configure tab.
  • Under System, click on Advanced System Settings.
  • Click Edit to modify settings.
  • Filter for Syslog.global.logHost.
  • Enter your syslog server details in the format tcp://hostname:514 or udp://hostname:514; in my case udp://10.20.55.44:514, or with a DNS name, udp://syslog:514.
  • Click OK to apply the changes.

2. Open Firewall Ports for Syslog Traffic

Enable Syslog in Firewall Rules:

  • Still under the Configure tab, go to Networking > Firewall > Outgoing connections.
  • Click EDIT….
  • Filter for syslog.
  • Tick the checkbox and click OK.
  • Now you should see “syslog” in outgoing firewall rules.

3. Verify Connectivity to the Syslog Server

Test Network Connection:

4. Configure Syslog Using ESXCLI Commands (CLI Method)

Set the Remote Syslog Server:

  • Open a console session to your ESXi host.
  • Execute:
esxcli system syslog config set --loghost='udp://syslog:514'

Apply the New Configuration:

esxcli system syslog reload

Check the syslog configuration:

esxcli system syslog config get

Open Firewall Ports:

  • Enable the syslog firewall rule with:
esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true

Refresh the firewall settings:

esxcli network firewall refresh

Check the ruleset:

esxcli network firewall ruleset rule list | grep syslog
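
The CLI steps above as one script, added here as an example and not part of the original post: it checks the loghost value before applying it (rejecting, for example, a typographic quote pasted along with the command) and finishes with `esxcli system syslog mark` so there is a known line to search for on the syslog server. The names `DRY_RUN`, `valid_loghost`, `run` and `apply_syslog` are assumptions of this example, and the check also accepts `ssl://`, which ESXi supports but the post does not cover.

```shell
#!/bin/sh
# Added example, not from the original post. DRY_RUN, valid_loghost, run and
# apply_syslog are hypothetical names; the default target is the post's value.
LOGHOST="${LOGHOST:-udp://syslog:514}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = execute them

# Accept a comma-separated list of proto://host:port entries. Deliberately
# stricter than ESXi itself: protocol and port must both be spelled out.
valid_loghost() {
    case "$1" in
        ""|,*|*,|*,,*|*[!A-Za-z0-9.:/,-]*) return 1 ;;  # empty items, stray quotes, spaces
    esac
    old_ifs=$IFS; IFS=','
    set -- $1                      # split on commas (input has no glob characters)
    IFS=$old_ifs
    for entry in "$@"; do
        case "$entry" in
            udp://?*:?*|tcp://?*:?*|ssl://?*:?*) ;;
            *) return 1 ;;
        esac
        rest=${entry#*://}; host=${rest%:*}; port=${rest##*:}
        case "$host" in *[:/]*) return 1 ;; esac
        case "$port" in *[!0-9]*|??????*) return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    done
    return 0
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Same order as the CLI steps above, then a marker line to search for on the collector.
apply_syslog() {
    valid_loghost "$1" || { echo "rejected loghost value: $1" >&2; return 1; }
    run esxcli system syslog config set --loghost="$1" &&
    run esxcli system syslog reload &&
    run esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true &&
    run esxcli network firewall refresh &&
    run esxcli system syslog config get &&
    run esxcli system syslog mark --message="syslog-test $(uname -n) $(date +%s)"
}

apply_syslog "$LOGHOST"
```

By default the script only prints the commands; set DRY_RUN=0 in the ESXi shell to execute them, then search the central logs for the syslog-test marker.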

Tips & Tricks

  • Verify firewall rules to allow syslog traffic.
  • Use consistent naming conventions for easier log analysis.
  • Regularly back up your syslog configuration settings.

By following these simple steps and best practices, you’ll ensure your ESXi host remains efficiently monitored, secure, and compliant.

VMware related KB 318939: https://knowledge.broadcom.com/external/article/318939/