Setting up Syslog messaging for ESXi/vSphere is a pretty simple task. Set the logging Host and update the firewall to permit the outbound connection on port 514. But if you have multiple hosts and are not licensed for Host Profiles this is a lot of clicking around and duplication of effort. Here I offer my solution using PowerCLI
VMware PowerCLI is a command-line and scripting tool built on Windows PowerShell and provides more than 600 cmdlets for managing and automating vSphere, vCloud, vRealize Operations Manager, vSAN, NSX-T, VMware Cloud on AWS, VMware HCX, VMware Site Recovery Manager, and VMware Horizon environments. Currently, PowerCLI is at version 11.2.0
You can download PowerCLI from the PowerShell Gallery or use PowerShellGet
Install-Module -Name VMware.PowerCLI
This script currently assumes your Syslog log collector is listening on UDP port 514, future updates will allow for both the port and protocol to be configured via Parameters. Lets walk through the script….
- Firstly you are prompted for Credentials using Get-Credential, this is PowerShell’s built in authentication prompt dealing with converting to secure passwords
- We connect to the vSphere Host using Connect-VIServer and passing in the credentials supplied
- We get the VMHost object for the Host using Get-VMHost
- We get the AdvancedSetting object for the following settings and pass in our new values:
- Syslog.global.logHost
- Config.HostAgent.log.level
- Vpx.Vpxa.config.log.level
- Next, get the Firewall Exception setting for the rule named ‘syslog’ and enable it, assuming we are still using UDP Port 514
- Finally, we close the connection to the Host using Disconnect-VIServer so we don’t leave the session open.
#Requires -Module VMware.VimAutomation.Core
function Set-VMHostSyslogServer
{
[CmdletBinding(SupportsShouldProcess, ConfirmImpact='Medium')]
Param
(
[Parameter(Mandatory,HelpMessage='IP Address for VMHost')][string]$VMHost,
[Parameter(Mandatory,HelpMessage='IP Address for Syslog Collector')][string]$syslogcollector
)
Process
{
$creds = Get-credential -Message "Please provide credentials to connect to $VMHost"
Connect-VIServer -Server $VMHost -Credential $creds -Force
$vmhost = get-vmhost
Get-AdvancedSetting -Entity $vmhost -Name Syslog.global.logHost | Set-AdvancedSetting -Value "udp://${syslogcollector}:514}"
Get-AdvancedSetting -Entity $vmhost -Name Config.HostAgent.log.level | Set-AdvancedSetting -Value 'info'
Get-AdvancedSetting -Entity $vmhost -Name Vpx.Vpxa.config.log.level | Set-AdvancedSetting -Value 'info'
$vmhost| Get-VMHostFirewallException | Where-Object{$_.Name -eq 'syslog'} | Set-VMHostFirewallException -Enabled:$true
Disconnect-VIServer
}
}
Feel free to download the current module from my GitHub Repository, or submit bugs and feature requests.
