Send ESXi 5.0 Syslog to Splunk

1) Install Splunk. In my example, I use Linux as the Splunk server.

rpm -i splunk-4.3.4-136012-linux-2.6-x86_64.rpm

/opt/splunk/bin/splunk start

2) Go the web server http://dev-linux-01:8000 to open the TCP and UDP 514 port.

Do the same to open UDP port 514.

3) Login to the ESXi host to configure the remote syslog host.

esxcli system syslog config set --loghost='tcp://dev-linux-01:514'

Confirm the settings has been changed:

esxcli system syslog config get

   Default Rotation Size: 1024
   Default Rotations: 8
   Log Output: /vmfs/volumes/4f7ac000-74fed078-3c5d-5cf3fcad2d4a/Logs
   Log To Unique Subdirectory: true
   Remote Host: tcp://dev-linux-01:514

Open the outgoing port in firewall:

esxcli network firewall ruleset set –ruleset-id=syslog –enabled=true
esxcli network firewall refresh

Reload the syslog settings:

esxcli system syslog reload

Now you should be able to see the syslog coming from ESXi host in Splunk.

NOTE: ESXi uses UTC in log time stamp.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

	Use ChatGPT to check… on Why you need CodeGuru?
	AWS Config Advanced… on AWS Config Advance Queries aga…
	Gene on Fail to quiesce a virtual mach…
	Elisa Caldwell on TSM
	John on Ansible example – get di…
	RJI on Fail to quiesce a virtual mach…
	Serverless Ingress S… on Two Examples of using AWS Netw…
	Automate VPN failove… on Automate VPN connection and it…
	AWS IAM Roles Anywhe… on Setup AWS “Instance Prof…
	AWS Cost Anomaly Det… on Why QuickSight increases Cloud…

Share this:

Like this:

Related

Published by Jackie Chen

Leave a Reply Cancel reply