Hi,
Has anyone been able to configure syslog on ESXi to send logs on a non-standard TCP or UDP port (not 514)? I've been through Configuring syslog on ESXi (2003322) | VMware KB.
Here's a dump of the ESXi host syslog configuration:
esxcli system syslog config get
Default Network Retry Timeout: 180
dropped Log File Rotation Size: 100
Dropped Log File Rotations: 10
EnforceSSLCertificates: false
Local Log Output: /scratch/log
Local Log Output Is Configured: false
Local Log Output Is Persistent: true
Local Logging Default Rotation Size: 1024
Local Logging Default Rotations: 8
Log To Unique Subdirectory: false
Message Queue Drop Mark: 90
Remote Host: udp://1.2.3.4:5183 (syslog.global.loghost to tcp://1.2.3.4:5183)
I've run "esxcli system syslog reload" various times and restarted the ESXi host as well as restarting syslog, but nothing seems to work.
When I write to the syslog using esxcli system syslog mark -s "Hello world", I don't see any packets being sent using tcpdump-uw -i vmk0 host 1.2.3.4 -vv (I also don't see them being received on the remote host). As soon as I change the port to either TCP or UDP 514, I see the logs being sent and received on the remote host.
Additionally I've created a custom ESXi FW rule to allow 5183 through, just in case it was being blocked on this port, as well as disabling the ESX fw completely but nothing seems to work apart from 514.
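
An added example, not part of the original post: a small Python check that reads the "Remote Host" line from `esxcli system syslog config get` output and reports, per target, the effective transport and port and whether that pair falls outside the stock outbound syslog firewall ruleset. The default ports, the ruleset contents, the bare-host-means-UDP rule, and the function names are assumptions to confirm against your ESXi build; the sample dump is constructed.

```python
import re

# Assumptions (not stated on the page): per-scheme default ports, and the
# ports opened by ESXi's stock outbound "syslog" firewall ruleset.
DEFAULT_PORT = {"udp": 514, "tcp": 514, "ssl": 1514}
STOCK_RULESET = {("udp", 514), ("tcp", 514), ("tcp", 1514)}
TARGET_RE = re.compile(r"^(?:([a-z]+)://)?([\w.-]+)(?::(\d+))?$")

# Constructed sample of `esxcli system syslog config get` output.
SAMPLE_DUMP = """\
   Local Log Output: /scratch/log
   Log To Unique Subdirectory: false
   Remote Host: udp://1.2.3.4:5183, tcp://1.2.3.4, ssl://1.2.3.4:1514
"""


def remote_host_value(config_dump):
    """Return the raw 'Remote Host' value from the config dump, or ''."""
    for line in config_dump.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.strip().lower() == "remote host":
            return value.strip()
    return ""


def check_targets(value):
    """Return (scheme, host, port, finding) for each comma-separated target."""
    results = []
    for raw in filter(None, (t.strip() for t in value.split(","))):
        m = TARGET_RE.match(raw)
        scheme = (m.group(1) or "udp") if m else None  # assumption: bare host = UDP
        if scheme not in DEFAULT_PORT:
            results.append((None, raw, None, "unparseable or unknown scheme"))
            continue
        port = int(m.group(3)) if m.group(3) else DEFAULT_PORT[scheme]
        wire = "tcp" if scheme == "ssl" else scheme  # ssl rides on TCP
        if not 1 <= port <= 65535:
            finding = "port out of range"
        elif (wire, port) not in STOCK_RULESET:
            finding = f"{wire}/{port} not in stock ruleset: needs custom outbound rule"
        else:
            finding = "ok"
        results.append((scheme, m.group(2), port, finding))
    return results


if __name__ == "__main__":
    for row in check_targets(remote_host_value(SAMPLE_DUMP)):
        print(row)
```
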