In Part-01 you saw how to do the initial setup for the syslog server; in this second part we need to understand some basic stuff.
First is getting used to the interface. The most important part of the setup is the configuration console.
Once you click on the configuration console you have numerous options; I have used only two or three, and I will be talking about them.
First is to create a rule and a filter. The basic order is: create the rule first, then the filter and the action, and then associate the action with the filter.
In the above screen, you can see the default option and its associated filter and action. I have created an additional rule and called it “Test Rule”.
Then I created a filter for the PZESXi-07.pzwaredu.com host and associated an action with it.
The action is very simple here: filter pzesxi-07 (above) and show it on Display 01 (as the action).
And here is the final result: you can see below that I have selected Display 01 and it shows only pzesxi-07 logs.
The next item is to confirm your DNS settings. Make sure you select “Resolve internal address using DNS server” (underlined); this will make sure your hostnames appear correctly in the logs.
The final option is to schedule a task to archive the logs over a period of time. Again, it is as simple as click, click.
- Open the configuration console again, right-click on the schedule and select add new schedule as shown below
- Rename the task as per your convenience, for example “Logs Archiving task”
- Select the location where the live logs are dumped as source location
- Select the destination location where you wish to archive them
- Then there are numerous options for scheduling the task, how to archive, and how to protect the archive. They are very easy to understand.
Another (less important) option is highlighting the results for better readability. Go to the View menu and select the highlighting option.
Select the color of your choice and apply.
Some tests now
To check whether we can compare the results, I purposely pushed PZESXi-09.pzwaredu.com into maintenance mode as shown below
Check the task pane for timing details
Now check the syslog console for the detailed message. You can see the task completed at 11:59:33, and at nearly the same time syslog gave us the information that the host moved to maintenance mode.
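The comparison above (task finished at 11:59:33, syslog message at nearly the same time) can also be scripted against an archived log file. This is an added example, not part of the original post or of Kiwi's own tooling; it assumes RFC 3164 style lines, and the sample lines, their date and their message text are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in RFC 3164 style. Message text and the date are
# illustrative; only the host names and 11:59:33 come from the post.
SAMPLE = """\
<14>Mar  4 11:58:02 PZESXi-07.pzwaredu.com Hostd: constructed heartbeat
<14>Mar  4 11:59:31 pzesxi-09.pzwaredu.com Hostd: constructed: entering maintenance mode
<14>Mar  4 11:59:34 PZESXi-09.pzwaredu.com Hostd: constructed: host in maintenance mode
<11>Mar  4 12:07:10 PZESXi-09.pzwaredu.com vmkernel: constructed unrelated warning
not a syslog line
"""

LINE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

def parse(line, year):
    """Return (severity, timestamp, host, message), or None if malformed."""
    m = LINE.match(line)
    if not m or int(m.group(1)) > 191:      # PRI is facility*8 + severity
        return None
    stamp = " ".join(m.group(2).split())    # "Mar  4 ..." -> "Mar 4 ..."
    try:
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    except ValueError:                      # e.g. an impossible date
        return None
    return int(m.group(1)) % 8, ts, m.group(3), m.group(4)

def same_host(a, b):
    """Case-insensitive; a short name also matches its FQDN."""
    a, b = a.lower(), b.lower()
    short = "." not in a or "." not in b
    return a == b or (short and a.split(".")[0] == b.split(".")[0])

def correlate(text, host, task_time, window_s=5):
    """Messages from host within +/- window_s seconds of task_time."""
    hits = []
    for line in text.splitlines():
        rec = parse(line, task_time.year)   # RFC 3164 stamps carry no year
        if rec is None:
            continue
        _sev, ts, src, msg = rec
        delta = (ts - task_time).total_seconds()
        if same_host(src, host) and abs(delta) <= window_s:
            hits.append((ts.time().isoformat(), delta, msg))
    return hits

if __name__ == "__main__":
    task_done = datetime(2012, 3, 4, 11, 59, 33)   # date is constructed
    for hit in correlate(SAMPLE, "PZESXi-09.pzwaredu.com", task_done):
        print(hit)
```

The offsets are only meaningful when the ESXi host and the machine that recorded the task time are synchronized to the same time source.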
Before I start anything: it is just a 15-minute task to configure the Kiwi syslog server; more information is available on the site specified.
Basic hardware: XP, Windows 2003, 128/256 MB RAM. In my case I used a virtual machine.
Here I’m going to talk about how to install the syslog server and configure it.
1. First download the syslog server (less than 30 MB approx.) from the syslog site
2. Unzip the SyslogServer-v9-Eval.zip file and extract the content as shown below
3. Double-click Kiwi_Syslog_Server_9.0.3.Eval.setup.exe and follow the next-next Windows-style stuff
4. Press I agree (above)
5. Select Install as service as shown below
6. Create a domain service account, add it as an admin of the server, and enter the details in the screen below
7. Do not select the check box below; it is optional, and I skipped it
8. Next-Next Screen
9. Select the destination where you want the log files to go
10. Watch Screen
11. Finish and we are done…
12. Now let’s go to the ESXi box and tell him someone is waiting for him
Navigate to the ESXi host, go to the Configuration tab as shown below and click on Advanced Settings (encircled in red)
13. The window below opens up. Select the syslog settings, then Remote, and then enter the syslog server’s IP address or host name. In my case it is syslogsvc.pzwaredu.com
14. This is the bare minimum you need to do. Once this is done, go to the syslog server and see the action as shown below
15. In the next blog I will show how to do some post-installation tasks on the syslog server
It is quite interesting to know that you can export the vCenter inventory to a well-formatted HTML file. Select any inventory pane, be it events, tasks or some other pane, then click on the File menu and export to list as shown below
And the output is shown below. It is quite neat and easily readable, with details. In my case I selected the tasks of the entire ESXi cluster object.
In the second example I’ve selected the events of the ESXi cluster
And the output is again of the same quality. Neat and clean.
Exported diagnostic data is an extremely important knowledge repository. It is primarily needed when you need VMware support, and it can be of great help if you wish to troubleshoot a vSphere problem. There are several ways to collect the data.
- Directly from ESXi host
- Connecting to ESX host and using vm-support option
From vCenter go to Administration -> Server Settings, i.e. (Ctrl + Shift + I)
(Optional) Change the logging level to Verbose; it is Information by default.
Click on Administration, select export system log
Select the ESXi server whose diagnostic data you wish to export and its destination
Check the recent task status below
Once the task is completed, you see the screen below, which confirms whether the export was done without error.
Why is NTP important for an ESX/ESXi host?
It is very important that ESX/ESXi reports accurate time, for the following reasons:
- For accurate performance graphs
- For accurate timestamps in system logs
- VMs report accurate time if they are synchronizing their time with the host
The NTP client is installed by default on the ESX host, but needs to be enabled. This client can be configured to talk directly to an NTP server or can be configured to use an internal NTP server. You can specify one or more NTP servers.
hostd.log and messages are the log files where entries are made when ESX/ESXi boots and while the system is up and running.
VMkernel, VMkwarning and VMKsummary.txt track service console availability.