ESX/ESXi System logs location

image

How to configure syslog (Kiwi) server for ESXi – Part-02

In Part-01 you saw how to do the initial setup for the syslog server; in this second part we need to understand some basics.

First is getting used to the interface. The most important part of the setup is the configuration console.

image

Once you click on the configuration console you have numerous options. I have used only two or three, and those are the ones I will talk about.

First is to create a rule and a filter. At the most basic, you need to create the rule first, then the filter and the action, and then associate the action with the filter.

image

In the screen above, you can see the default rule and its associated filter and action. I have created an additional rule and called it “Test Rule”.

Then I created a filter for the PZESXi-07.pzwaredu.com host and associated an action with it.

image

The action is very simple here: filter on pzesxi-07 (above) and show it on Display 01 (as the action).

image

And here is the end result: below I have selected Display 01, and it shows only the pzesxi-07 logs.

image

The next item is to confirm your DNS settings. Make sure you select “Resolve internal address using DNS server” (underlined); this makes sure your hostnames appear correctly in the logs.

image

The final option is to schedule a task to archive the logs over a period of time. Again, it is as simple as click, click.

  • Open the configuration console again, right-click on the schedule and select add new schedule as shown below

image

  • Rename the task as per your convenience, for example “Logs Archiving task”

image

  • Select the location where the live logs are dumped as source location

image

  • Select the destination location where you wish to archive them

image

  • Then there are numerous options for scheduling the task, how to archive, and how to protect the archive. They are very easy to understand.

Another (less important) option is highlighting the results for better readability. Go to the View menu and select the highlighting option.

image

Select a color of your choice and apply.

image

Some tests now

To check whether we can compare the results, I purposely put PZESXi-09.pzwaredu.com into maintenance mode as shown below

image

Check the task pane for timing details

image

Now check the syslog console for the detailed message. You can see the task completed at 11:59:33, and at nearly the same time syslog told us that the host had moved into maintenance mode (click on the image for more clarity).

image
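The check done by eye above, together with the per-host filter from the Test Rule, as an added example that is not part of the original post: it reads lines from an archived collector log, keeps one host, and reports how far the syslog timestamp is from the task completion time. The tab-delimited line layout, the date and the sample messages are assumptions constructed for illustration; adjust `parse_line` to the log file format your collector actually writes.

```python
from datetime import datetime

# Constructed sample of archived collector lines (not real ESXi output).
# Assumed layout: "YYYY-MM-DD HH:MM:SS<TAB>priority<TAB>host<TAB>message".
SAMPLE_LOG = "\n".join([
    "2010-06-01 11:58:02\tLocal4.Info\tpzesxi-07.pzwaredu.com\tvmkernel: heartbeat ok",
    "2010-06-01 11:59:34\tLocal4.Info\tPZESXi-09.pzwaredu.com\tHostd: host entered maintenance mode",
    "garbled line without tabs",
    "2010-06-01 12:00:10\tLocal4.Notice\tpzesxi-07.pzwaredu.com\tHostd: task finished",
])
TS_FORMAT = "%Y-%m-%d %H:%M:%S"

def parse_line(line):
    """Return (timestamp, priority, host, message), or None if malformed."""
    parts = line.rstrip("\r\n").split("\t", 3)
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], TS_FORMAT)
    except ValueError:
        return None
    # Hostnames are case-insensitive, so normalise before comparing.
    return ts, parts[1], parts[2].lower(), parts[3]

def filter_host(log_text, host):
    """Equivalent of the host filter: keep only records from one host."""
    wanted = host.lower()
    records = (parse_line(line) for line in log_text.splitlines())
    return [r for r in records if r and r[2] == wanted]

def correlate(log_text, host, keyword, task_time, tolerance_s=5):
    """Report the offset in seconds between matching syslog records and
    the task completion time read from the vSphere Client task pane."""
    task_ts = datetime.strptime(task_time, TS_FORMAT)
    hits = []
    for ts, _prio, _host, msg in filter_host(log_text, host):
        if keyword.lower() in msg.lower():
            offset = (ts - task_ts).total_seconds()
            hits.append((ts.strftime(TS_FORMAT), offset, abs(offset) <= tolerance_s))
    return hits

if __name__ == "__main__":
    for when, offset, ok in correlate(SAMPLE_LOG, "PZESXi-09.pzwaredu.com",
                                      "maintenance mode", "2010-06-01 11:59:33"):
        print(when, f"offset={offset:+.0f}s", "OK" if ok else "CHECK CLOCKS")
```

An offset larger than the tolerance points to clock skew between the machines involved, which is worth ruling out before trusting a timeline built from these logs.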

How to configure syslog (Kiwi) server for ESXi

Before I start: configuring the Kiwi syslog server is just a 15-minute task, and more information is available on the site specified.

Basic hardware: XP or Windows 2003, 128/256 MB RAM. In my case I used a virtual machine.

Here I’m going to talk about how to install the syslog server and configure it.

Step-by-Step

1. First download the syslog server (less than 30 MB approx.) from the syslog site

2. Unzip SyslogServer-v9-Eval.zip and extract the contents as shown below

image

3. Double-click Kiwi_Syslog_Server_9.0.3.Eval.setup.exe and follow the next-next Windows-style installer

image

4. Press I agree (above)

5. Select Install as service as shown below

image

6. Create a domain service account, add it as an admin of the server, and enter the details in the screen below

 image

7. Do not select the check box below; it is optional, and I skipped it

image

8. Next-Next Screen

image

9. Select the destination where you want the log files to go

image

10. Watch Screen

image

11. Finish and we are done…

image

12. Now let’s go to the ESXi box and tell it someone is waiting for it

Navigate to the ESXi host, go to the Configuration tab as shown below and click on Advanced Settings (circled in red)

image

13. The window below opens. Select the Syslog settings, then Remote, and then enter the syslog server’s IP address or host name. In my case it is syslogsvc.pzwaredu.com

image

14. This is the bare minimum you need to do. Once this is done, go to the syslog server and see the action as shown below

image

15. In the next blog I will show how to do some post-installation tasks on the syslog server

Exporting inventory of vCenter

It is quite interesting to know that you can export the vCenter inventory to a well-formatted HTML file. Select any inventory pane, be it events, tasks or some other pane, then click on the File menu and export to list as shown below

image

And the output is shown below. It is quite neat and easily readable, with details. In my case I selected the tasks of the entire ESXi cluster object.

image

In the second example I’ve selected the events of the ESXi cluster

image

And the output is again of the same quality. Neat and clean.

image

Export Diagnostic Data

Exported diagnostic data is an extremely important knowledge repository. It is primarily needed when you need VMware support, and it can be of great help if you wish to troubleshoot a vSphere problem. There are several ways to collect the data.

  1. vCenter
  2. Directly from ESXi host
  3. Connecting to ESX host and using vm-support option

From vCenter go to Administration -> Server Settings, i.e. (Ctrl + Shift + I)

image

(Optional) Change the logging level to Verbose; it is Information by default.

image

Click on Administration, select export system log

image

Select the ESXi server whose diagnostic data you wish to export and its destination

image

Check the recent task status below

image

Once the task is completed, you see the screen below, which confirms whether the export was done without error.

image

NTP

Why is NTP important for an ESX/ESXi host?

It is very important that ESX/ESXi reports accurate time, for the following reasons

  1. For accurate performance graphs
  2. For accurate timestamps in system logs
  3. VMs report accurate time if they are synchronizing their time with the host

The NTP client is installed by default on the ESX host, but needs to be enabled. This client can be configured to talk directly with an NTP server or can be configured to use an internal NTP server. You can specify one or more NTP servers.

hostd.log and messages are the log files where entries are made when ESX/ESXi boots and while the system is up and running.

VMkernel, VMkwarning and VMKsummary.txt track service console availability.