Syslog Collector

MikdillyMikdilly Member Posts: 309
Have installed a Vcenter Server integrated install of syslog collector on a 2008 server VM, provided login name and password to vcenter server which is running on a different VM. HAd no problems getting thru the install. Configured syslog.global.loghost on each host using vsphere client. Folders for each host have been created in data folder and logs are being written on machine running syslog collector. Problem is that Syslog Collector icon will not show up in Vcenter, have closed and re-opened it a few times but it will not show up, can anything be done to get it to show up? Or does it only show up if it's installed onto same machine running vcenter server?

Comments

  • netsysllcnetsysllc Member Posts: 479 ■■■■□□□□□□
    use splunkstorm.com and send the syslog offsite
  • EssendonEssendon Member Posts: 4,546 ■■■■■■■■■■
    Never knew about splunkstorm, looks great. Will test it for my lab. Thanks.

    I dont think the syslog icon shows up unless your on vCenter itself. I'll wait for someone else to confirm.
    NSX, NSX, more NSX..

    Blog >> http://virtual10.com
  • QHaloQHalo Member Posts: 1,488
    It should show up under Network Syslog Collector. Make sure the plugin is working.

    Home>Administration>Network Syslog Collector
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    It shows up on my remote vCenter client. You have to enable to plug-in on your client, on each client from which you intend to manage the plug-in.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • MikdillyMikdilly Member Posts: 309
    In checking the plugins in vcenter, syslog collector shows as disabled, shows an error saying it could not connect to remote server, couldn't download the script plugin at hXXp://192.168.0.26:8001/extension.xml.

    Checked firewall on server running syslog collector, looks like port is open.

  • EssendonEssendon Member Posts: 4,546 ■■■■■■■■■■
    Is the ESXi host's firewall port for Syslog open? 514 from memory, may be wrong.
    NSX, NSX, more NSX..

    Blog >> http://virtual10.com
  • MikdillyMikdilly Member Posts: 309
    Essendon wrote: »
    Is the ESXi host's firewall port for Syslog open? 514 from memory, may be wrong.

    Thanks, had just re-installed host after trial period ran out, forgot to re-enable the syslog global setting, don't know if i need the firewall setting as syslog server and vcenter are running vm's on the host, i turned on the syslog outgoing just to try it but still won't enable plugin. Now getting an error that it can't resolve the server name.

    From the vcenter vm i can ping the syslog server by name.
  • EssendonEssendon Member Posts: 4,546 ■■■■■■■■■■
    I'm shooting in the dark but maybe you need to reinstall Syslog because the trial period expired and you reinstalled the host, things are probably out of whack. Interesting problem, keep us updated please!
    NSX, NSX, more NSX..

    Blog >> http://virtual10.com
  • MikdillyMikdilly Member Posts: 309
    Have re-installed it a couple of times with new trial period(VM's were re-registered on the host), once on the original VM and then on a different VM running on same host that also runs VM running the vcenter server that won't load the plugin. Have tried both ways during install of recognizing syslog collector on network, as host name and as ip address. Seems like something is blocking it in Server 2008 firewall settings but in turning off firewall on both sides it still came up with same error. Running out of ideas to try.
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Please confirm that you have outbound syslog traffic opened on at the ESXi host level. You have to do this on each ESXi host.

    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • MikdillyMikdilly Member Posts: 309
  • MikdillyMikdilly Member Posts: 309
    Got plugin enabled in vcenter server by using ip addresses for vcenter and syslog collector in the install. Don't really see why it wouldn't work using hostnames as the host is configured to use the dns server for the domain that shows in Host Identification.



  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Mikdilly wrote: »
    Got plugin enabled in vcenter server by using ip addresses for vcenter and syslog collector in the install. Don't really see why it wouldn't work using hostnames as the host is configured to use the dns server for the domain that shows in Host Identification.



    Check to see if you have a Reverse DNS entry for that IP address
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • MikdillyMikdilly Member Posts: 309
    blargoe wrote: »
    Check to see if you have a Reverse DNS entry for that IP address

    There was no ptr record for the esx host that holds the vcenter and syslog collectors, added one but still won't load plugin after re-installing syslog and using hostnames. 'remote name could not be resolved'. What is doing the resolving? The guest os or the host? Tried testing the network from the console of the host, it will ping the gateway and dns address but fails every time on resolving hostname, seems like this is related to the failure to resolve the remote name for the plugin. The dns suffix for the network is setup in the console.
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    It would be the vcenter server
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • MikdillyMikdilly Member Posts: 309
    Finally got the plugin enabled using hostnames, something was up with resolution on the network which i probably still don't understand. I had to re-install vcenter after trial ran out, in adding hosts back into cluster i was able to use hostnames but when trying to connect to console of vm's was getting 'unable to connect to MKS', searched error and found techhead.co page explaining 'if the client machine running the vSphere Client can’t resolve the ESX/ESXi’s host name then the console session cannot be established'. Before trial ran out I was using ip addresses to add the hosts to vcenter. Tried an nslookup from client machine running vsphere client, it resolved esx host name with wrong address, then realized primary dns was router and not dns server for network serving guest os's and hosts. Once I switched wireless connection to use same dns server as vm's i was then able to resolve correct ip address of host and re-connect to console in vsphere client. Never thought dns setting on client would effect accessing hosts once connected to vcenter server.
Sign In or Register to comment.