Reading Time: 2 minutes, 41 secs

Add vCenter Logs to Syslog Server (GrayLog2)

In this article I will be showing you how to add vCenter logs to a syslog server, I currently use GrayLog2 as its a great free syslog server and does everything that I require.

First we want to install NxLog on our vCenter Server, This will be our syslog client.

To configure NxLog go to: c:\Program Files (x86)\nxlog\conf and edit nxlog.conf with a word editor.

Add the following configuration into the file:

If you don’t want to log EventLogs to the Syslog Server just remove route 1 from the file or place # before each line.

The Config Explained:

The below code will load the module for Gelf communications, if you didn’t want to use gelf this could be changed to syslog.

We then set our inputs, inputs provide information that we want to log to our syslog server, they are then translated by nxlog into a format that our syslog server will understand. As you can see from the code the EventLog is quite simple as there is a plugin specifically for this, but for vCenter Log Files we need to use the im_file module that will allow us to parse a text log file, we can then specify custom parameters to meet our requirements, i have included hostname, message, filename and sourcename but you could also split the $raw_event (your raw data) and log many more fields if required.

We then set where each log should be sent, as you can see i have a different output for each log type, you don’t need to do this but it makes it easier to see what is logging where in GrayLog2. You should only need to change the host to your syslog server and the port to your port (default 514) I change mine as each type of log has its own port.

The Route tells NxLog which output to send inputs to. In my example I have 2 routes the 1st one tells the eventlogs_in to be sent to eventlogs_out and the 2nd does the same but for the VPXD logs, you could use one route if you were only having one output by using a comma to seperate vpxd_in and eventlog_in (e.g. EventLog_in,VPXD_In => MyCustom_Out)

Once this configuration has been completed we need to configure an output in GrayLog2 for each of our NxLog outputs, My example just shows how to do this for the VPXD log but it is the same for any log.

  • Login to GrayLog2 Web Interface
  • Go To System > Inputs
  • Select GELF UDP from the dropdown
  • Click Launch New Input
  • Tick Global Input or a specific GrayLog2 Server depending on your setup
  • Enter a Title e.g. VPXD Logs
  • Enter a port that you specified in the NxLog configuration (this must be unique)
  • Click Launch

You should now start to see the logs pouring in, vCenter does generate a LOT of logs so you may want to keep an eye on your syslog server as it could get overloaded with data.

Hope this helped you, any issues or questions please let me know in the comments

Steve

1 Like

Leave a Comment.