Someone may have already written all this, but oh well.
1. Install something free like Ubuntu Server.
2. I use Ubuntu because I like Debian and apt-get. So run:
#apt-get install syslog-ng
Running Syslog-ng gives you more than the standard syslog daemon.
3. Configure syslog-ng to receive UDP logs.
root@hoth:/# cd /etc/syslog-ng/
root@hoth:/etc/syslog-ng# vi syslog-ng.conf
Add this after the main source section:
source s_remote {
udp();
};
After the destinations:
destination df_remote { file("/var/log/remote.$HOST"); };
The $HOST macro sorts the logs into one file per sending server, named by that server's IP.
And finally add this to the end of the syslog-ng.conf file:
log {
source(s_remote);
destination(df_remote);
};
Now restart the syslog-ng service:
root@hoth:/etc/syslog-ng# service syslog-ng restart
4. Make changes to the ESX syslog config. Thanks to Tooms.dk. I have been using syslog-ng so much that I needed to find the commands for standard syslog.
1. In the /etc/syslog.conf file add this line “*.* @172.16.0.202” without the ” and change the IP number to your syslog server's IP
2. Restart the syslog service with the command “service syslog restart”
3. Open the ESX server firewall with this command “esxcfg-firewall -o 514,udp,out,syslog” to allow syslog outgoing traffic
4. Tell the ESX firewall to reload the config with this command “esxcfg-firewall -l”
Now you can tail -f /var/log/remote.10.10.10.2 (or whatever your IP is).
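To check the whole path end to end, here is a small script added as an example (it is not from the original post or from Tooms.dk): it sends one marked test line to the collector over UDP port 514 in the same BSD-syslog format that the "*.* @ip" line forwards, then looks for that marker in the per-host file. The script name logcheck.py, the "logcheck" tag and the marker format are made up for illustration; the IPs are the sample ones used above.

```python
import socket
import sys
import time

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
USER, NOTICE = 1, 5  # facility "user", severity "notice" (RFC 3164 codes)

def build_message(tag, text, hostname=None, now=None):
    """Build a BSD-syslog (RFC 3164) datagram like the one '*.* @ip' forwards."""
    pri = USER * 8 + NOTICE                      # PRI = facility * 8 + severity
    t = time.localtime(now)
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                       t.tm_hour, t.tm_min, t.tm_sec)
    host = hostname or socket.gethostname().split(".")[0]
    return ("<%d>%s %s %s: %s" % (pri, stamp, host, tag, text)).encode("ascii", "replace")

def send_marker(collector, port=514, marker=None):
    """Send one uniquely marked test line to the collector over UDP."""
    marker = marker or "syslog-check-%d" % int(time.time())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_message("logcheck", marker), (collector, port))
    return marker

def expected_logfile(sender):
    """File that df_remote writes for this sender.
    Assumption: $HOST expands to the sender's IP, as the post describes."""
    return "/var/log/remote.%s" % sender

def marker_logged(path, marker):
    """True if the marker reached the given log file."""
    with open(path, errors="replace") as fh:
        return any(marker in line for line in fh)

if __name__ == "__main__":
    # On a sending host:  python3 logcheck.py send 172.16.0.202
    # On the collector:   python3 logcheck.py check 10.10.10.2 <marker>
    if len(sys.argv) >= 3 and sys.argv[1] == "send":
        print(send_marker(sys.argv[2]))
    elif len(sys.argv) >= 4 and sys.argv[1] == "check":
        ok = marker_logged(expected_logfile(sys.argv[2]), sys.argv[3])
        print("received" if ok else "NOT received")
        sys.exit(0 if ok else 1)
    else:
        sys.exit("usage: logcheck.py send <collector> | check <sender> <marker>")
```

UDP gives no delivery confirmation, so a "NOT received" result can mean a blocked port 514, a wrong collector IP, or a file named differently from what the check expects.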
For people who actually want to use the data generated by ESX, make sure to install Splunk (free).
Check out the how-to:
http://www.splunk.com/base/Community:VMwareESXSyslog