VMware host syslog

Hi,
I just configured the Graylog appliance for VMware; all went perfectly.
I also configured my ESXi 6 hosts to send logs to the Graylog server by using the following input: udp://:514
I still don't receive any logs in Graylog.
Help? :(

I have tried several different inputs, such as syslog UDP on port 1514 (using iptables to forward traffic destined for TCP/UDP port 514 to 1514). I have also done the same using port 12207.

I have also tried a plain text GELF UDP in the same config.
iptables command sample:

sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 514 -j REDIRECT --to-port 12207

I have verified that the Graylog server is listening on port 514: 0.0.0.0:514 LISTENING

Also, I am on the latest version of Graylog (3.x) and there doesn't appear to be a compatible vCenter package in the Graylog marketplace =(

Did you make sure your ESXi hosts are allowed to send syslog out? By default the firewall could limit that outgoing traffic on each host.

Yes, I also enabled the firewall rule for syslog traffic on my host.

Did you create a syslog input in Graylog?

Yes, I have attempted to use: syslog UDP // syslog TCP // and raw-plaintext UDP

Update:

My Graylog server is receiving syslog from my ESX host. However, these logs are in my /var/log/syslog on the Graylog server itself … how do I get Graylog the application to actually see these logs?

UPDATE:

I am now seeing log data on my Graylog server. What I had to do is something along the lines of the following to forward my local Graylog logs to a port that I set an input up on within the Graylog application:
