vrandom yet another random IT blog

esxi syslog configuration

Overview

Here we will detail how to easily bulk configure ESXi hosts to forward syslog messages to a remote host.

Solution

In order to achieve this we will be utiling the below PowerShell script to configure all the hosts appropriately.

$vc = "vc.vrandom.com"
$logger = "syslog.vrandom.com"
Connect-VIServer $vc #also add any -Username or -Password options required
Get-VMHost -State "Connected" | Where-Object { $_.ExtensionData.Config.Product.ProductLineId -eq "embeddedEsx" } | %{
	$setting = Get-AdvancedSetting -Entity $_ -Name Syslog.global.logHost
	$l = "udp://${logger}:514"
	if ($setting.value -ne $l) {
		Write-Host $l
		$setting | Set-AdvancedSetting -Confirm:$false -Value $l
    		$_ | Get-VMHostFirewallException |?{$_.Name -eq 'syslog'} | Set-VMHostFirewallException -Enabled:$true
		$esxcli = Get-EsxCli -VMHost $_
		$esxcli.system.syslog.reload()
	}
}

How does this work?

Stepping through this script we can see how it works, firstly we set some variables we’ll use later on, and connect to a VirtualCenter Server:

$vc = "vc.vrandom.com"
$logger = "syslog.vrandom.com"
Connect-VIServer $vc #also add any -Username or -Password options required
Then we will loop through each VMHost (hypervisor) that is currently in a ‘connected’ state. We will then also additional ensure that these are ESXi hosts, this is because the process for old style ESX hosts is different, and will cause errors if you try to utilize this method. Finially this line ends with a “ {“ which causes PowerShell to execute the lines which follow for each VMHost.
Get-VMHost -State "Connected" | Where-Object { $_.ExtensionData.Config.Product.ProductLineId -eq "embeddedEsx" } | %{

Now we are going to fetch the advanced settings for the host, pulling the syslog setting specifically. Once this is done we check whether the syslog configuration is already set to the correct host. (we don’t want to keep reconfiguring hosts unnecessarily)

$setting = Get-AdvancedSetting -Entity $_ -Name Syslog.global.logHost
$l = "udp://${logger}:514"
if ($setting.value -ne $l) {

As the syslog setting is incorrect, lets set it to the right value.

$setting | Set-AdvancedSetting -Confirm:$false -Value $l

This isn’t all thats required as we also need to ensure both the firewall is open, and that the syslog daemon is restarted, esxcli is required for this.

$_ | Get-VMHostFirewallException |?{$_.Name -eq 'syslog'} | Set-VMHostFirewallException -Enabled:$true
$esxcli = Get-EsxCli -VMHost $_
$esxcli.system.syslog.reload()

Hope this saves you some time. FIN