Skip to content

Configure Log Collection

Info

Please note that the Log Analysis feature is available only in Runecast Analyzer on VMware vSphere deployments.

Runecast offers real-time analysis of logs received from the vSphere hosts and VMs. Your hosts may already be forwarding their logs to a standard syslog collector. Runecast can be configured as an additional syslog destination; logs will continue to be sent to your other syslog server(s) and you do not need to delete any current syslog server addresses. Runecast will retain only the relevant log entries that may indicate a potential issue.

Configure log settings for all ESXi hosts and VMs in order to maximize the data being analyzed for issues.

Note

The log configuration can be carried out at any time. Runecast Analyzer will start analyzing the logs immediately after they are forwarded to the appliance. If you would like to setup log collection later, you can skip this step.

ESXi Log Forwarding

Automatic Setup

  1. Ensure that the vCenter user you have configured has the following privileges:

    Host > Configuration > Advanced settings
    Host > Configuration > Network configuration

  2. Click the Settings icon located on the right-hand side of the top navigation bar and select the Log Analysis tab.

  3. Click the Edit button to configure log retention. This can be set according to the number of days retained and maximum size of logs retained on disk.

  4. Observe the list of vCenters connected to Runecast appliance. Clicking on each one will expand the list of hosts belonging to the selected vCenter and will display whether they are configured to send their logs to the Runecast Analyzer appliance (either a green checkmark or a red cross).

  5. Click the wrench icon located on the right-hand side of the Host syslog settings section.

  6. Select the hosts that are not configured and click Configure. Confirm the changes by clicking OK.

Note

Some checkboxes may appear in grey – this means they are not selectable due to insufficient privileges for the vCenter user configured. Refer to Step 1 for more information.

The Reload button is used for fetching the syslog settings from all connected vCenters. To fetch a specific vCenter server use the 🔄 icon located to the right-hand side of the selected vCenter.

PowerCLI Script Setup

Alternatively, you can use a PowerCLI script to configure ESXi logging:

  1. Click the help ring icon located to the right-hand side of the Host syslog settings section in the Log Analysis tab.

  2. Expand the section and click to download the PowerCLI script.

  3. You can review the script before execution and make changes if needed.

  4. Execute the script using PowerCLI.

Manual Setup

If you prefer to configure the ESXi syslog settings manually then follow the steps provided in this section. For each ESXi host in your environment, perform the following:

  1. Navigate to the Syslog.global.logHost setting:

    • (Web Client) select the ESXi host > Manage > Settings > Advanced System Settings

    • (vSphere Client) select the ESXi host > Configuration > Advanced Settings > Syslog

  2. Add udp://applianceIP:514 to the value of Syslog.global.logHost (if you already have another remote syslog configured, append the value and separate it with a comma). Click OK.

  3. Navigate to Security profile > Firewall > Properties.

  4. Make sure that syslog is enabled. Click OK.

Note

You can read more about enabling remote syslog in the VMware KB article 2003322.

VM Log Forwarding

Automatic Setup

VM log forwarding is only effective if you have configured ESXi log forwarding (see above).

By default, a VM will log to files located in the VM directory. In order to forward the VM logs to syslog automatically, follow these steps:

  1. Ensure that the vCenter user you have configured has the following privileges:

    Virtual Machine > Configuration > Advanced

  2. Click the Settings icon located on the right side of the top navigation bar and select the Log Analysis tab.

  3. Observe the list of vCenters connected to the Runecast appliance. Clicking on each one will expand the list of VMs belonging to the selected vCenter and whether they are configured to send their logs to the Runecast Analyzer appliance (either a green checkmark or a red cross).

  4. Click the wrench icon located on the right-hand side of the VM log settings section.

  5. Select the VMs that are not configured and click Configure.

  6. Perform either a vMotion or Power Cycle for each VM. This ensures that the configuration is applied and thereafter logs will be sent from the VM.

Note

Some checkboxes may appear in a grey color – this means that they are not selectable due to insufficient privileges for vCenter user you have configured. Refer to Step 1 for more information.

PowerCLI Script Setup

Alternatively, you can use a PowerCLI script to configure VM logging:

  1. Click the help ring icon located on the right side-hand of the VM log settings section of the Log Analysis tab.

  2. Expand the Scripted section and download the PowerCLI script.

  3. You can review the script before execution and make any changes if needed.

  4. Execute the script using PowerCLI.

  5. Perform either a vMotion or Power Cycle for each VM. This ensures that the configuration is applied and thereafter logs will be sent from the VM.

Manual

If you prefer to configure the VM log settings manually then follow the steps in this section. VM log forwarding will only be effective if you have previously configured ESXi log forwarding.

By default, a VM will log to files located in the VM directory. In order to forward the VM logs to syslog, follow these steps for each VM:

  1. Power off / Shutdown the VM.

  2. In the VM Hardware panel, click Edit Settings > VM Options.

  3. Click the Advanced triangle to expand the advanced virtual machine options.

  4. Select Enable logging.

  5. Click Configuration parameters.

  6. Click Add Row.

  7. In name column insert: vmx.log.destination, In value column insert: syslog-and-disk

  8. Click Add Row.

  9. In name column insert: vmx.log.syslogID

  10. In value column insert the specific VM name. Click OK twice.