Via the ESXi console
The ESXi console offers perhaps the most straightforward way to access ESXi log files. You can go to the server room and log in directly to the console UI. If you have remote-control software such as Supermicro, you can even launch the remote console in a web browser. Another option is to connect via an SSH client (PuTTY, for example) and type dcui after you log in as root. This will open the Direct Console User Interface (DCUI) as if you had logged in locally on the host.
Then you just have to navigate to View System Logs from the DCUI menu.
From the redirected log location
When setting up an ESXi host, one of the first things to do is redirect the ESXi log files to a new location. After this, you can still access the logs if the host becomes inaccessible, for example, in case of a Purple Screen of Death (PSOD).
The default ESXi log file location is the /scratch/log directory if the host has local storage. However, nowadays ESXi hosts are often deployed "diskless" and use only shared storage instead of local storage. This could cause problems, and ESXi will inform you with a warning that the logs aren't stored on persistent storage.
You can easily remediate this warning by setting the path to your shared datastore in the advanced Syslog.global.logDir parameter.
It's a good practice to redirect log files. However, you should be aware that you then have to use a text editor to analyze the log messages manually. This is not really efficient.
Through the ESXi HTML5 Host Client
Another option is to view the log files in a web browser through the ESXi HTML5 Host Client. Even though this is also a manual method, it is certainly a more effective and suitable approach for small environments without a syslog server.
First launch your web browser and type this complete URL to connect to the HTML5 Host Client:
https://ip_of_esxi/ui
Select Monitor, click the Logs tab, and select the logs you want to view. You'll access a window where you can choose the log file and view its contents in the lower pane. From the same window, you can also generate a support bundle for VMware that helps you troubleshoot an issue within your environment.
You can open a new window that will display the log files in the full window instead of just in the lower pane. The search feature allows you to find specific log entries easily.
Via a web browser
You can also access the logs directly with a web browser without launching the HTML5 client. To do so, you have to navigate to the following address:
https://ip_of_esxi/host
A web page will open that shows links to your log files. You can then load the log file in your web browser and use the browser's search feature, or you can download the log file to analyze it in another application.
Through syslog-compatible tools
Many free and commercial applications allow you to analyze ESXi logs. In general, any syslog-compatible software can do the job. However, you have to configure the advanced parameter Syslog.global.logHost so that the host forwards its log messages to the syslog server over either TCP or UDP. Depending on your syslog application, you would set the parameter to tcp://hostname:514 or udp://hostname:514.
In large environments, you can use host profiles to deploy this configuration to all of your hosts. However, you'll need a VMware vSphere Enterprise Plus license to use this feature.
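The two advanced parameters named in this article, Syslog.global.logDir and Syslog.global.logHost, can also be set per host from the ESXi shell with esxcli. The script below is an added example, not part of the original article: it validates a log directory and a syslog target and prints the esxcli commands for review. The datastore path and hostname are placeholders, and the path and hostname checks are this example's own conservative rules.

```shell
#!/bin/sh
# Added example: build the esxcli commands for Syslog.global.logDir and
# Syslog.global.logHost. Paths and hostnames passed in are placeholders.

# Accept the two forms the article names: tcp://host:port and udp://host:port.
# Conservative on purpose: hostnames and IPv4 only, port 1-65535.
valid_loghost() {
    case "$1" in
        tcp://*:*|udp://*:*) ;;
        *) return 1 ;;
    esac
    hostport=${1#*://}
    host=${hostport%:*}
    port=${hostport##*:}
    case "$host" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Print, without running them, the commands that apply both settings.
syslog_commands() {
    logdir=$1
    loghost=$2
    # Require a datastore path so logs land on persistent storage; the
    # character allow-list keeps the printed lines safe to paste into a shell.
    case "$logdir" in
        *[!A-Za-z0-9/._-]*|*..*) echo "unsafe logdir: $logdir" >&2; return 1 ;;
        /vmfs/volumes/?*) ;;
        *) echo "logdir must be under /vmfs/volumes" >&2; return 1 ;;
    esac
    valid_loghost "$loghost" || { echo "bad loghost: $loghost" >&2; return 1; }
    # --logdir-unique gives each host its own subdirectory on a shared datastore.
    echo "esxcli system syslog config set --logdir=$logdir --logdir-unique=true --loghost=$loghost"
    # Outbound syslog is blocked until the host firewall ruleset is enabled.
    echo "esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true"
    echo "esxcli network firewall refresh"
    echo "esxcli system syslog reload"
    # Read the settings back to confirm what the host is actually using.
    echo "esxcli system syslog config get"
}

# Usage: sh esxi-syslog.sh /vmfs/volumes/<datastore>/logs tcp://<syslog-host>:514
if [ "$#" -eq 2 ]; then
    syslog_commands "$1" "$2"
fi
```

Review the printed lines, then run them in the ESXi shell of each host.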
SolarWinds KIWI Syslog Server Free Edition is an example of a free syslog-compatible tool. Another free option is Splunk. Runecast Analyzer also offers syslog functionality. The tool allows you to reconfigure all of your hosts when adding your vCenter server.
Another tool worth mentioning is VMware's own log management product, vRealize Log Insight. The application also allows you to configure the Syslog.global.logHost parameter for multiple ESXi hosts. Moreover, vCenter Log Insight not only gives you easy access to your log files but also monitors the health of the entire vSphere infrastructure (including VMs) by analyzing log files.
VMware vRealize Log Insight is extensible with so-called Content Packs, which are community or partner add-ons. For instance, there are Content Packs for Active Directory, Exchange, and Storage. The tool supports automated log management through log aggregation, troubleshooting, and root cause analysis. VMware's log management product consumes unstructured log data from a wide range of IT infrastructure components such as applications, firewalls, network devices, operating systems, and storage devices. A vCenter Server license entitles you to a 25-OSI pack of vRealize Log Insight for vCenter Server at no additional cost.