Sending logs via TCP from VMWare ESXi

Graylog Tech Challenges
1

Hi!

I am using your config, which is fine, but there is one problem:

When I am sending logs via TCP from VMWare ESXi, i am getting:

2022-01-14T07:00:00.192Z info hostd[2100182] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 371710 : The host "10.0.49.60:1514" has become unreachable.  Remote logging to this host has stopped.

If I point it directly to graylog, this is not the case.

What I tried:
I did setup only one upstream server to avoid, that the session can be rebalanced → No success.

Do you have any idea on how to solve this?

Thank you and best wishes
KPS

2

NOTE: The above post was moved from nginx Config Examples as more appropriate in Daily Challenges. It reference this post:

1 Like
3

Hello @KPS

info hostd[2100182] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 371710 : The host "10.0.49.60:1514" has become unreachable.  Remote logging to this host has stopped.

So your remote logging host has stopped?
Did you check that host “10.0.49.60:1514” log shipper or Service is working?

4

Hi,

have you checked the firewall on the ESXi? I’m not sure, but I think the default port for the service syslog on an ESXi is 514 and not 1514.

You could also check the receiving network traffic on your Graylog (e.g. tcpdump -lvni any port 1514 and host <ESXi IP>).

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.