Skip to content

Configure Log Collection

Info

Please note that the Log Analysis feature is available only in Runecast Analyzer on VMware vSphere deployments.

Runecast offers real-time analysis of logs received from the vSphere hosts and VMs. Your hosts may already be forwarding their logs to a standard syslog collector. Runecast can be configured as an additional syslog destination; logs will continue to be sent to your other syslog server(s) and you do not need to delete any current syslog server addresses. Runecast will retain only the relevant log entries that may indicate a potential issue.

Configure log settings for all ESXi hosts and VMs in order to maximize the data being analyzed for issues.

Note

The log configuration can be carried out at any time. Runecast Analyzer will start analyzing the logs immediately after they are forwarded to the appliance. If you would like to setup the log collection later, you can skip this step.

This step-by-step guide will equip you with essential skills to configure your log collection, guide you through configuration of syslog settings, selection of hosts and VMs, and will get you ready for running your first log analysis: How to configure Log Collection for Log Analysis in Runecast .

ESXi Log Forwarding

Automatic Setup

  1. Ensure that the vCenter user you have configured has the following privileges:

    Host > Configuration > Advanced settings
    Host > Configuration > Network configuration

  2. Click the Settings icon located on the right-hand side of the top navigation bar and select the Log Analysis tab.

  3. Observe the list of vCenters connected to Runecast appliance. Clicking on each one will expand the list of hosts belonging to the selected vCenter and will display whether they are configured to send their logs to the Runecast Analyzer appliance (either a green checkmark or a red cross).

  4. Click the wrench icon located on the right-hand side of the Host syslog settings section.

  5. Select the hosts that are not configured and click Configure. Confirm the changes by clicking OK.

Note

Some checkboxes may appear in grey – this means they are not selectable due to insufficient privileges for the vCenter user configured. Refer to Step 1 for more information.

The Reload button is used for fetching the syslog settings from all connected vCenters. To fetch a specific vCenter server use the 🔄 icon located to the right-hand side of the selected vCenter.

PowerCLI Script Setup

Alternatively, you can use a PowerCLI script to configure ESXi logging:

  1. Click the help ring icon located to the right-hand side of the Host syslog settings section in the Log Analysis tab.

  2. Expand the Scripted section and click Download PowerCLI script for syslog configuration on Host to download the PowerCLI script.

  3. You can review the script before execution and make changes if needed.

  4. Execute the script using PowerCLI.

Manual Setup

If you prefer to configure the ESXi syslog settings manually, follow the steps provided in this section. For each ESXi host in your environment, perform the following:

  1. In the VMware vSphere Client, navigate to the the ESXi host, click Configure > System > Advanced System Settings and click the EDIT button

  2. Find the value Syslog.global.logHost and set it to udp://<appliance IP>:514. If you already have another remote syslog configured, append the value and separate it with a comma. Click OK.

  3. Navigate to Configure > System > Firewall and click the EDIT button

  4. Make sure that syslog service is enabled. Click OK.

Note

You can read more about enabling remote syslog in the VMware KB article 2003322.

VM Log Forwarding

Automatic Setup

VM log forwarding is only effective if you have configured ESXi log forwarding (see above).

By default, a VM will log to files located in the VM directory. In order to forward the VM logs to syslog automatically, follow these steps:

  1. Ensure that the vCenter user you have configured has the following privileges:

    Virtual Machine > Configuration > Advanced

  2. Click the Settings icon located on the right side of the top navigation bar and select the Log Analysis tab.

  3. Observe the list of vCenters connected to the Runecast appliance. Clicking on each one will expand the list of VMs belonging to the selected vCenter and whether they are configured to send their logs to the Runecast Analyzer appliance (either a green checkmark or a red cross).

  4. Click the wrench icon located on the right-hand side of the VM log settings section.

  5. Select the VMs that are not configured and click Configure.

  6. Perform either a vMotion or Power Cycle for each VM. This ensures that the configuration is applied and thereafter logs will be sent from the VM.

Note

Some checkboxes may appear in a grey color – this means that they are not selectable due to insufficient privileges for vCenter user you have configured. Refer to Step 1 for more information.

PowerCLI Script Setup

Alternatively, you can use a PowerCLI script to configure VM logging:

  1. Click the help ring icon located on the right side-hand of the VM log settings section of the Log Analysis tab.

  2. Expand the Scripted section and download the PowerCLI script.

  3. You can review the script before execution and make any changes if needed.

  4. Execute the script using PowerCLI.

  5. Perform either a vMotion or Power Cycle for each VM. This ensures that the configuration is applied and thereafter logs will be sent from the VM.

Manual

If you prefer to configure the VM log settings manually, follow the steps in this section. VM log forwarding will only be effective if you have previously configured ESXi log forwarding.

By default, a VM will log to files located in the VM directory. In order to forward the VM logs to syslog, follow these steps for each VM:

  1. In the vSphere Client, shutdown the VM

  2. In the VM Hardware panel, click Edit Settings > VM Options

  3. Expand the Advanced section

  4. Select Enable logging

  5. Under Configuration parameters click EDIT CONFIGURATION

  6. Click ADD CONFIGURATION PARAMS

  7. In the Name column, insert vmx.log.destination

  8. In the Value column, insert syslog-and-disk

  9. Click ADD CONFIGURATION PARAMS

  10. In the Name column, insert vmx.log.syslogID

  11. In the Value column, insert the name of this VM

  12. Click OK twice