Bobcares

Sending ESXi logs to Nagios log server – Let us discuss


Sending ESXi logs to Nagios log server? We can help you.

We send ESXi Syslog messages to Nagios Log Server for storage and analysis.

As part of our Server Management Services, we assist our customers with several Nagios queries.

Today, let us see how to configure the VMware ESXi server to send Syslog messages to Nagios Log Server.

 

Sending ESXi logs to Nagios log server

In this article, our Support Techs will walk us through:

  • Create input for UDP 514 and TCP 1514 ports
  • Configure Firewall Rules on Nagios Log Server
  • Configure ESXi to send Syslogs to Nagios Log Server

Create Input UDP 514

To use UDP 514, we need to configure our Nagios Log Server to listen on privileged ports.

  1. Initially, we log in to Nagios Log Server.
  2. Then we navigate to Configure > Global (All Instances) > Global Config.
  3. Here, we click the + Add Input button and select Custom.
  4. We will have a new block at the bottom of the list of Inputs.
  5. Type a unique name for the input which will be Syslog (ESXi).
  6. In the text area field, enter the following code:
    syslog {
        # Tag these messages so ESXi logs can be told apart from other syslog data
        type => 'syslog-esxi'
        port => 514
    }
  7. Finally, click the Save & Apply button to create and apply the configuration.

In addition, we need to create a firewall rule to allow the incoming UDP traffic:

RHEL 7+|CentOS 7+|CentOS Stream:

# firewall-cmd --zone=public --add-port=514/udp
# firewall-cmd --zone=public --add-port=514/udp --permanent

Debian:

Debian does not enable the local firewall by default. So no steps are required here. If it is enabled, then the command is:

# iptables -I INPUT -p udp --destination-port 514 -j ACCEPT

Ubuntu:

Similarly, if the local firewall is enabled on Ubuntu, then the commands are:

# sudo ufw allow 514/udp
# sudo ufw reload

Create Input TCP 1514

  1. Log in to Nagios Log Server and navigate to Configure > Global (All Instances) > Global Config.
  2. Click the + Add Input button and select Custom.
  3. A new block will appear at the bottom of the list of Inputs.
  4. Type a unique name for the input which will be Syslog (ESXi). In the text area field, enter the following code:
    syslog {
        # Tag these messages so ESXi logs can be told apart from other syslog data
        type => 'syslog-esxi'
        port => 1514
    }
  5. Finally, click the Save & Apply button to create this input and apply the configuration.

In addition, we create a firewall rule to allow the incoming TCP traffic:

RHEL 7+|CentOS 7+|CentOS Stream:

# firewall-cmd --zone=public --add-port=1514/tcp
# firewall-cmd --zone=public --add-port=1514/tcp --permanent

Debian:

If the local firewall is enabled, then the command is:

# iptables -I INPUT -p tcp --destination-port 1514 -j ACCEPT

Ubuntu:

If the local firewall is enabled in Ubuntu, then the commands are:

# sudo ufw allow 1514/tcp
# sudo ufw reload

Configure ESXi

  1. Initially, we open the vSphere Client to the ESXi server.
  2. Then we select the ESXi host in the inventory pane.
  3. Here, we click the Configuration tab on the right.
  4. Under Software, we click Advanced Settings.
  5. Then, expand Syslog and click global.
    For UDP 514 change Syslog.global.logHost to: udp://xxx.xxx.xxx.xxx:514
    For TCP 1514 change Syslog.global.logHost to: tcp://xxx.xxx.xxx.xxx:1514
  6. Click OK.
  7. Then under Software click Security Profile.
  8. For Firewall, we click Properties.
  9. Find Syslog and tick the box.
  10. Finally, click OK.

In the steps above, the xxx.xxx.xxx.xxx is the IP Address of Nagios Log Server.
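
The same settings can be applied from the ESXi Shell with esxcli instead of the vSphere Client. The script below is an added example, not part of the original article; the function names validate_loghost and esxi_syslog_commands and the APPLY variable are hypothetical. It rejects a malformed log host value (for instance a stray space inside the address) before printing the commands.

```shell
#!/bin/sh
# Added example: CLI equivalent of the vSphere Client steps (ESXi Shell or SSH).

# Succeeds only for udp://A.B.C.D:PORT or tcp://A.B.C.D:PORT.
validate_loghost() {
    case $1 in
        udp://*|tcp://*) ;;
        *) return 1 ;;
    esac
    rest=${1#*://}
    case $rest in
        *[!0-9.:]*|*:*:*) return 1 ;;   # spaces, letters, more than one colon
        *:*) ;;
        *) return 1 ;;                  # the port is required
    esac
    ip=${rest%:*}
    port=${rest##*:}
    case $port in ''|*.*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    n=0
    tail=$ip.
    while [ -n "$tail" ]; do            # walk the dotted quad octet by octet
        o=${tail%%.*}
        tail=${tail#*.}
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Print the esxcli commands that set the log host, reload syslog,
# and enable the outbound "syslog" firewall ruleset.
esxi_syslog_commands() {
    validate_loghost "$1" || { echo "invalid loghost: $1" >&2; return 1; }
    cat <<EOF
esxcli system syslog config set --loghost='$1'
esxcli system syslog reload
esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
esxcli network firewall refresh
esxcli system syslog config get
EOF
}

# Dry run by default; APPLY=1 executes the commands on the ESXi host.
if [ "$#" -gt 0 ]; then
    cmds=$(esxi_syslog_commands "$1") || exit 1
    if [ "${APPLY:-0}" = 1 ]; then printf '%s\n' "$cmds" | sh -e
    else printf '%s\n' "$cmds"; fi
fi
```

Run it with the log host URL as the only argument to review the commands, then again with APPLY=1 on the ESXi host to apply them.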

Check Nagios Log Server

To confirm that Nagios Log Server receives data from the ESXi server, we navigate to the Dashboards page.

We perform a Query on the host field using the IP Address of our ESXi host: host:<ESXi Host Address>

The results appear in the ALL EVENTS panel. If we see the results then everything should work correctly.

Advanced Configuration

If we already have an existing SYSLOG input for UDP 514 or TCP 1514 then we need to define a filter. It defines the type as syslog-esxi for the received ESXi logs.

We need this because the ESXi Syslog date format may be slightly different from that of other Syslog data.

This may cause problems with the indices created every day by Elasticsearch.

The filter we create requires that the addresses of all ESXi hosts sending syslogs to Nagios Log Server be defined as part of the filter.

For example, we will use the addresses 10.25.6.145 and 10.25.6.146.

  1. In Nagios Log Server, we navigate to Configure > Global (All Instances) > Global Config.
  2. Then click the + Add Filter button and select Custom.
  3. We will have a new block at the bottom of the list of filters.
  4. Here, we type a unique name for the filter which will be ESXi.
  5. In the text area field, we enter the following code:
    if [host] == '10.25.6.145' or [host] == '10.25.6.146' {
        # Re-tag messages from the listed ESXi hosts
        mutate {
            replace => { 'type' => 'syslog-esxi' }
        }
    }
  6. Click the Save & Apply button to create and apply the configuration.
  7. Once done, we should proceed to the Configure ESXi section.


 

Conclusion

In short, today we saw how our Support Techs go about sending ESXi logs to Nagios Log Server.
