Friday, June 24, 2011

How to configure vMA as a destination of ESXi logs

Add a second virtual disk to store your logs:
    Power off vMA
    Add a second virtual disk to the vMA VM
    Power on vMA
    Login using vi-admin
    Partition the new disk with the following command: fdisk /dev/sdb
        Use the n command to create a new partition
        Use the p command to make the new partition a primary partition
        Press 1 to make it partition #1
        Use the default for the First Cylinder
        Use the default for the Last Cylinder
        Use the p command to verify the partition table
        Use the w command to write the partition table to the hard disk
    Press Enter a couple of times to confirm it's finished and return to the command prompt
    Now we need to format the partition using the following command: sudo mkfs -t ext3 /dev/sdb1

Now that our new disk is ready, we need to mount it:

    Edit /etc/fstab using the following command: nano /etc/fstab
    Enter in the following line:
    /dev/sdb1 /var/log/syslog ext3 defaults,auto 1 2
    Use Ctrl+X then y to save the file
    Next: cd /var/log/ then mkdir syslog
    Change the owner of the /var/log/syslog directory: sudo chown vi-admin:root /var/log/syslog
    Finally, run mount /var/log/syslog to mount the disk

Now that our new disk is mounted, we need to tell the vilogger application to store your log files there. The default location is /var/log/vmware, so we need to change it:

    Edit the vilogger config file using: nano /etc/vmware/viconfig/vilogdefaults.xml
    (or /etc/vmware/vMA/vMA.conf in v4.1)
    Change the log location in the file to /var/log/syslog (the location appears twice; change both)
    Use Ctrl+X then y to save the file
    Restart vilogger by: service vmware-vilogd restart

Now vilogger is set to store your ESXi log files on your new disk.

Stop the rsyslog daemon:
    sudo service rsyslog stop

Modify rsyslog file:
    sudo nano /etc/sysconfig/rsyslog
    Change the parameter to: SYSLOGD_OPTIONS="-r -m 0"
    Use Ctrl+X then y to save the file

Restart rsyslog:
    sudo service rsyslog start

Open one firewall port on the vMA’s firewall:
    sudo iptables -I RH-Firewall-1-INPUT 2 -i eth0 -p udp --dport 514 -j ACCEPT

Save the rule to make sure that it stays there after a reboot:
    sudo service iptables save

Configure the ESXi host using vMA to send those logs to vMA:
    vifptarget -s vmsrv.address.local
    vicfg-syslog -s vMA.address.local
    For the free ESXi you can use vSphere Client to configure syslog:
    From the Advanced Settings of the Configuration tab select Syslog and set the
    Syslog.Remote.Hostname parameter to the IP address of vMA

Enable the vilogger in vMA to collect the logs:
    vilogger enable --server vmsrv.address.local --numrotation 20 --maxfilesize 10 --collectionperiod 10

View the logs:
    tail -f /var/log/syslog/vmsrv.address.local/vpxa.log
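
A post-setup check for the steps above, as an added example that is not part of the original post. The function names are hypothetical, and /etc/sysconfig/iptables is assumed to be the file that service iptables save writes on this Red Hat-style system:

```bash
#!/bin/bash
# Added example: verify the fstab entry, rsyslog option and firewall rule
# that this procedure sets up. Each check reads the file given as its
# argument, so it also works on copies of the config files.

# fstab must mount /dev/sdb1 on /var/log/syslog as ext3 (commented lines fail).
check_fstab() {
    awk '$1 == "/dev/sdb1" && $2 == "/var/log/syslog" && $3 == "ext3" { ok = 1 }
         END { exit ok ? 0 : 1 }' "$1"
}

# SYSLOGD_OPTIONS must contain -r, otherwise rsyslog ignores remote messages.
check_rsyslog_opts() {
    grep -Eq -- '^SYSLOGD_OPTIONS="([^"]* )?-r( [^"]*)?"' "$1"
}

# Saved firewall rules must accept UDP 514 in the RH-Firewall-1-INPUT chain,
# otherwise the rule is lost on reboot and ESXi logs stop arriving.
check_fw_rule() {
    grep -Eq -- '^-A RH-Firewall-1-INPUT .*-p udp .*--dport 514 .*-j ACCEPT' "$1"
}

# Run all checks; arguments override the default live paths.
# Returns the number of failed checks (0 means everything is in place).
verify_all() {
    fails=0
    check_fstab "${1:-/etc/fstab}" ||
        { echo "FAIL: /dev/sdb1 not set to mount on /var/log/syslog"; fails=$((fails + 1)); }
    check_rsyslog_opts "${2:-/etc/sysconfig/rsyslog}" ||
        { echo "FAIL: SYSLOGD_OPTIONS lacks -r"; fails=$((fails + 1)); }
    check_fw_rule "${3:-/etc/sysconfig/iptables}" ||
        { echo "FAIL: no saved ACCEPT rule for UDP 514"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: vMA syslog settings are in place"
    return "$fails"
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    verify_all
fi
```

Run it on vMA with the --live argument after the reboot test; reading /etc/sysconfig/iptables may require sudo.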

Read more in these links:
http://www.simonlong.co.uk/blog/2010/05/28/using-vma-as-your-esxi-syslog-server
http://www.vladan.fr/how-to-configure-vma-as-a-destination-of-esxi-log-files
