In this article, I will list several options for accessing and viewing ESXi log files in environments of different sizes. VMware ESXi logs record information on the different components of the hypervisor such as storage, update or upgrade, VMkernel, and networking. The data in the log files is essential for troubleshooting. However, it's not always easy to search those log files because they can be quite voluminous.

Via the ESXi console ^

The ESXI console offers perhaps the most straightforward way to access ESXI log files. You can go to the server room and log in directly to the console UI. If you have remote-control software such as Supermicro, you can even launch the remote console in a web browser. Another option is to connect via an SSH client (PuTTY for example) and type dcui after you login as root. This will open the Direct Console User Interface (DCUI) as if you had logged in locally on the host.

View ESXi logs within a PuTTY session

View ESXi logs within a PuTTY session

Then you just have to navigate to View System Logs from the DCUI menu.

View System Logs

View System Logs

From the redirected log location ^

When setting up an ESXi host, one of the first things to do is redirect the ESXi log files to a new location. After this you can access the logs if the host becomes inaccessible, for example, in case of a Purple Screen of Death (PSOD).

The default ESXi log file location is /scratch/log directory if there is a local storage. However, nowadays ESXi hosts are often deployed "diskless" and only use shared storage instead of local storage. This could cause problems, and ESXi will inform you with a warning that the logs aren't stored on persistent storage.

ESXi warning Logs stored on non persistent storage

ESXi warning Logs stored on non persistent storage

You can easily remediate this warning by setting the path to your shared datastore in the advanced Syslog.global.logDir parameter.

Set the desired datastore for the advanced parameter Syslog.global.logDir

Set the desired datastore for the advanced parameter Syslog.global.logDir

It's a good practice to redirect log files. However, you should be aware that you then have to use a text editor to analyze the log messages manually. This is not really efficient.

Through the ESXi HTML 5 Host Client ^

Another option is to view the log files in a web browser through the ESXi HTML5 Host Client. Even though this is also a manual method, it is certainly a more effective and suitable approach for small environments without a syslog server.

First launch your web browser and type this complete URL to connect to the HTML5 Host Client:

https://ip_of_esxi/ui

Select Monitor, click the Logs tab, and select the logs you want to view. You'll access a window where you can choose the log file and view its contents in the lower pane. As you can see in the screenshot below, you can also generate a support bundle for VMware that helps you troubleshoot an issue within your environment.

You can open a new window that will display the log files in the full window instead of just in the lower pane. The search feature allows you to find specific log entries easily.

View ESXi logs via HTML5 Host Client

View ESXi logs via HTML5 Host Client

Via a web browser ^

You can also access the logs directly with a web browser without launching the HTML5 client. To do so, you have to navigate to the following address:

https://ip_of_esxi/host

A web page will open that shows links to your log files. You can then load the log file in your web browser and use the browser's search feature, or you can download the log file to analyze it in another application.

ESXi logs via web browser

ESXi logs via web browser

Through syslog-compatible tools ^

Many free and commercial applications allow you to analyze ESXi logs. In general, any syslog compatible software can do the job. However, you have to configure the advanced parameter Syslog.global.logHost to expose the log files through either TCP or UDP. Depending on your syslog application, you would set the parameter to tcp://hostname:514 or udp://hostname:514.

Configuring the Syslog.global.logHost parameter

Configuring the Syslog.global.logHost parameter

In large environments, you can use host profiles to deploy this configuration to all of your hosts. However, you'll need a VMware vSphere Enterprise Plus license to use this feature.

SolarWinds KIWI Syslog Server Free Edition is an example of a free syslog-compatible tool. Another free option is Splunk. Runecast Analyzer also offers syslog functionality. The tool allows you to reconfigure all of your hosts when adding your vCenter server.

Another tool worth mentioning is VMware's own log management product, vRealize Log Insight. The application also allows you to configure the Syslog.global.logHost parameter for multiple ESXi hosts. Moreover, vCenter Log Insight not only gives you easy access to your log files, the tool also monitors the health of the entire vSphere infrastructure (including VMs) by analyzing log files.

Subscribe to 4sysops newsletter!

VMware vRealize Log Insight is extensible with so-called Content Packs, which are community or partner add-ons. For instance, there are Content Packs for Active Directory, Exchange, and Storage. The tool supports automated log management through log aggregation, troubleshooting, and root cause analysis. VMware's log management product consumes unstructured log data from a wide range of IT infrastructure components such as applications, firewalls, network devices, operating systems, and storage devices. A vCenter Server license entitles you to a 25-OSI pack of vRealize Log Insight for vCenter Server at no additional cost.

+3
avataravatar
0 Comments

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account