Sending logs via TCP from VMWare ESXi

Graylog Tech Challenges
1

Hi!

I am using your config, which is fine, but there is one problem:

When I am sending logs via TCP from VMWare ESXi, i am getting:

2022-01-14T07:00:00.192Z info hostd[2100182] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 371710 : The host "10.0.49.60:1514" has become unreachable.  Remote logging to this host has stopped.

If I point it directly to graylog, this is not the case.

What I tried:
I did setup only one upstream server to avoid, that the session can be rebalanced β†’ No success.

Do you have any idea on how to solve this?

Thank you and best wishes
KPS

2

NOTE: The above post was moved from nginx Config Examples as more appropriate in Daily Challenges. It reference this post:

1 Like
3

Hello @KPS

info hostd[2100182] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 371710 : The host "10.0.49.60:1514" has become unreachable.  Remote logging to this host has stopped.

So your remote logging host has stopped?
Did you check that host β€œ10.0.49.60:1514” log shipper or Service is working?

4

Hi,

have you checked the firewall on the ESXi? I’m not sure, but I think the default port for the service syslog on an ESXi is 514 and not 1514.

You could also check the receiving network traffic on your Graylog (e.g. tcpdump -lvni any port 1514 and host <ESXi IP>).

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.