Tag Archives: syslog

How to redirect vSphere Platform Services Controller syslog

I use vRealize Log Insight as my log management platform, so I’d like all components of SDDC to direct the syslog to it. I am using an external Platform Services Controller, and I do not see my Log Insight receiving log entries from the hostname (or source) of my PSC.

It turned out that you have to configure it. It is not automatically configured when you added a vCenter in Log Insight.

Login to your vCenter with an account with administrator privilege. I use Administrator@vSphere.local as I do not configure my vSphere admin to have the full privilege.

From there, go to Administration. Under the Deployment group, choose System Configuration. It will take you to the following screen. From there, click on Nodes. Your list of vCenter and PSC will be shown.

0

Double click on the PSC that you want to configure. Click on the Services, and you will see the Syslog Service. You can see that the Health is good and it’s running.

00

Click on the VMware Syslog Service. It will show you that it is not yet configured.

1

Simply configure it. Here is mine as an example.

2

It says restart required. So I restarted mine. Wait a few minute, and the entries start showing up! In my case, the hostname is core-platform-sc-1, so all I need is to filter Log Insight entries to just show entries from this hostname.

3

If you have multiple PSC, you need to do it for each one by one.

vRealize Operations 6 redirect to syslog server

The steps to redirect to an external syslog server (e.g. Log Insight) has changed in version 6. You can do it via the UI, and there are 2 places to set.

The first one is for the main log. Click on the screenshot below to see where the log is configured. I only have 1 instance of the vRealize Operations (which I think is enough for most use case). There are different components of vRealize Operations, and each has its own log configuration.

20 syslog

You need to click on each of the component one by one. You cannot set it at the instance level. The “Settings” icon is greyed out when you select the instance. In the screenshot below, I selected the “Collector” component. I then clicked on the “Settings” icon. It opened a dialog box, as shown below. From the dialog box, you just need to specify the syslog server. Port 514 is the default port for syslog.

21 syslog - gotta do one by one

You need to do it for every component that you want to log. In the screenshot below, I did it for the “web” component.

22 syslog - gotta do one by one

Note that not all components have log. You will get a pop up telling you that there is no log option, as per the screenshot below.

23 syslog - most do not have

All the above is for the product logs. You should also track the security logs, which are configured in a different place. Follow the screenshot below. Click on the icon (I highlighted in red). A small dialog box will pop up, as shown below.

23 syslog - Audit has a different UI

That’s it!

I use Log Insight as my syslog server. You can see that the data showing up in the screenshot below

24 syslog - result - need management pack

At the time of writing, there is no content pack yet for vRealize Operations 6. The content pack covers version 5.x