{"id":73,"date":"2011-09-05T20:31:44","date_gmt":"2011-09-05T19:31:44","guid":{"rendered":"http:\/\/virtualizedworlduk.wordpress.com\/?p=19"},"modified":"2011-09-05T20:31:44","modified_gmt":"2011-09-05T19:31:44","slug":"configuring-a-vma-syslog-server","status":"publish","type":"post","link":"https:\/\/www.virtualworlduk.co.uk\/wordp\/configuring-a-vma-syslog-server\/","title":{"rendered":"Configuring a vMA Syslog Server"},"content":{"rendered":"<div>A similar post has been posted by Simon Long but this focused on ESXi 4.0, these instructions are designed for ESXi 4.1.<\/div>\n<div>With the following instructions you should be able to configure the vSphere Management Assistant (vMA) appliance to be used as a remote log collection server for ESXi 4.1.<\/div>\n<div>The reason this is required is because ESXi clears its logs when the host is rebooted, for troubleshooting purposes, a remote log collection server is required.<\/div>\n<div>To use this guide, you will need to have imported and configured the vSphere Management Assistant using the VMware guide.\u00a0 Once done, you should be able to log onto the vMA using Putty and the userid:\u00a0 vi-admin<\/div>\n<div>Our vMA is configured using our normal password.<strong><\/strong><\/div>\n<div><strong>\u00a0 <\/strong><\/div>\n<div><strong>Set Time and Enable NTP<\/strong><\/div>\n<div>ESXi uses UTC for its time stamping (which cannot be changed) and ESXi defaults to PDT, it is therefore a good idea to set the vMA\u2019s timezone to be UTC.<\/div>\n<div>Use the following commands to set the timezone to be UTC:<\/div>\n<div>\n<ul>\n<li>Sudo rm \/etc\/localtime<\/li>\n<li>Sudo ln \u2013s \/usr\/share\/zoneinfo\/UTC \/etc\/localtime<\/li>\n<li>Sudo chkconfig ntpd on<\/li>\n<\/ul>\n<\/div>\n<div>We now need to edit the ntp.conf file and replace the default ntp.org servers with our internal NTP servers.\u00a0 Use the following command to edit the file:<\/div>\n<div>\n<ul>\n<li>Sudo nano \/etc\/ntp.conf<\/li>\n<\/ul>\n<\/div>\n<div>Look for the section that says:\u00a0 # Use public servers from the pool.ntp.org project.<\/div>\n<div>Below this section will be a list of three servers, place a # in front of each of them.\u00a0 Then add a new line as:<\/div>\n<div>\n<ul>\n<li>Server &lt;domain controller FQDN&gt;<\/li>\n<\/ul>\n<\/div>\n<div>Use CTRL+X and Y to save the file and exit nano.<\/div>\n<div>Restart the ntpd service using the following command:<\/div>\n<div>\n<ul>\n<li>Sudo \/sbin\/service ntpd restart<\/li>\n<\/ul>\n<\/div>\n<div>To check that the ntp service is working correctly and the server is listed, use the following command:<\/div>\n<div>\n<ul>\n<li>Sudo ntpq \u2013p<\/li>\n<\/ul>\n<\/div>\n<div><strong>\u00a0 <\/strong><\/div>\n<div><strong>Change Keyboard Configuration<\/strong><\/div>\n<div>By default the keyboard of the vMA is configured for US, to change this use the following command:<\/div>\n<div>\n<ul>\n<li>Sudo nano \/etc\/sysconfig\/keyboard<\/li>\n<\/ul>\n<\/div>\n<div>Change the \u2018KEYTABLES=\u201dus\u201d\u2019 entry to:\u00a0 KEYTABLES=\u201den\u201d<\/div>\n<div>Use CTRL+X and Y to save the file and exit nano.<\/div>\n<div><strong>\u00a0 <\/strong><\/div>\n<div><strong>Add Additional Storage to vMA<\/strong><\/div>\n<div>Shutdown the vMA and add an additional disk to the appliance.\u00a0 Usually around 20Gb-40Gb would be sufficient for this.\u00a0 Power the vMA back on and then use the following process to make the additional storage usable:<\/div>\n<div>Format the new disk<\/div>\n<div>\n<ul>\n<li>Sudo fdisk \/dev\/sdb<\/li>\n<li>Press n to create a new partition<\/li>\n<li>Press p to make the new partition primary<\/li>\n<li>Press 1 to make the partition number 1<\/li>\n<li>Use the default on the first and last cylinders<\/li>\n<li>Press p to verify the partition table<\/li>\n<li>Press w to write the partition table<\/li>\n<\/ul>\n<\/div>\n<div>When the partition table write process is complete, you will need to format the new disk:<\/div>\n<div>\n<ul>\n<li>Sudo mkfs \u2013t ext3 \/dev\/sdb1<\/li>\n<\/ul>\n<\/div>\n<div>Edit the \/etc\/fstab file using the following:<\/div>\n<div>\n<ul>\n<li>Sudo nano \/etc\/fstab<\/li>\n<\/ul>\n<\/div>\n<div>Enter the following line to the file using tab to line up the entries:<\/div>\n<div>\n<ul>\n<li>\/dev\/sdb1\u00a0\u00a0\u00a0\u00a0 \/var\/log\/syslog\u00a0\u00a0\u00a0\u00a0\u00a0 ext3\u00a0\u00a0 defaults,auto 1\u00a0\u00a0\u00a0\u00a0\u00a0 2<\/li>\n<\/ul>\n<\/div>\n<div>Use CTRL+X and Y to save the file and exit nano.<\/div>\n<div>Make a new directory on the new disk:<\/div>\n<div>\n<ul>\n<li>Sudo mkdir \/var\/log\/syslog<\/li>\n<\/ul>\n<\/div>\n<div>Change the owner of the new directory to be the vi-admin account:<\/div>\n<div>\n<ul>\n<li>Sudo chown vi-admin:root \/var\/log\/syslog<\/li>\n<\/ul>\n<\/div>\n<div>Mount everything using the following command:<\/div>\n<div>\n<ul>\n<li>Sudo mount \u2013a<\/li>\n<\/ul>\n<\/div>\n<div>Verify that the mount is performed correctly by executing the following command:<\/div>\n<div>\n<ul>\n<li>Sudo df \u2013h<\/li>\n<\/ul>\n<\/div>\n<div>You should see an entry listed for \/dev\/sdb1 mounted as \/var\/log\/syslog<\/div>\n<div><strong>\u00a0 <\/strong><\/div>\n<div><strong>Change vilogger Settings<\/strong><\/div>\n<div>The program within the vMA that is used to perform the logging for us is called vilogger, this now needs to be configured to put the logs into the new folder that we have created.\u00a0 This can be done in the following way:<\/div>\n<div>\n<ul>\n<li>Sudo nano \/etc\/vmware\/vMA\/vMA.conf<\/li>\n<\/ul>\n<\/div>\n<div>Look through the file and change the entries between the three &lt;location&gt; &lt;\/location&gt; sections to read:<\/div>\n<div>\n<ul>\n<li>&lt;location&gt;\/var\/log\/syslog&lt;\/location&gt;<\/li>\n<\/ul>\n<\/div>\n<div>Use CTRL+X and Y to save the file and exit nano.<\/div>\n<div>Now we need to restart the vilogger daemon using the following command:<\/div>\n<div>\n<ul>\n<li>Sudo service vmware-vilogd restart<\/li>\n<\/ul>\n<\/div>\n<div><strong>\u00a0 <\/strong><\/div>\n<div><strong>Enable Remote Logging<\/strong><\/div>\n<div>Now we move onto adding the servers to the vMA as targets and then enabling the logging from the targets.<\/div>\n<div>List the existing servers that are added to the vMA using the following command:<\/div>\n<div>\n<ul>\n<li>Vifp listservers<\/li>\n<\/ul>\n<\/div>\n<div>If your server is not listed then add the server to the vMA with:<\/div>\n<div>\n<ul>\n<li>Sudo vifp addserver &lt;fqdn of server&gt;<\/li>\n<\/ul>\n<\/div>\n<div>Verify the server is listed by performing:\u00a0 vifp listservers<\/div>\n<div>To enable vilogging:<\/div>\n<div>\n<ul>\n<li>Vilogger enable &#8211;server &lt;fqdn of server&gt; &#8211;numrotation 20 &#8211;maxfilesize 10 &#8211;collectionperiod 300<\/li>\n<\/ul>\n<\/div>\n<div><strong>\u00a0 <\/strong><\/div>\n<div><strong>Viewing the Logs<\/strong><\/div>\n<div>It will take a little while for the logs to build up but you can check that the logs are being collected by using the following command:<\/div>\n<div>\n<ul>\n<li>Dir \/var\/log\/syslog\/&lt;fqdn of server&gt;<\/li>\n<\/ul>\n<\/div>\n<div>To get a more realtime look at the log files you can use the following command:<\/div>\n<div>\n<ul>\n<li>Tail \u2013f \/var\/log\/syslog\/&lt;fqdn of server&gt;\/vpxa.log<\/li>\n<\/ul>\n<p>An alternative method of viewing the logs is to download the log files to your local computer using a program such as WinSCP and then use Trace32 to view the log files.\u00a0 By using Trace32, it will highlight in Yellow for warning items and Red when it is an error, this makes the viewing of log files a lot easier.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A similar post has been posted by Simon Long but this focused on ESXi 4.0, these instructions are designed for ESXi 4.1. With the following instructions you should be able to configure the vSphere Management Assistant (vMA) appliance to be used as a remote log collection server for ESXi 4.1. The reason this is required is because ESXi clears its [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[9],"tags":[],"class_list":["post-73","post","type-post","status-publish","format-standard","hentry","category-vmware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.virtualworlduk.co.uk\/wordp\/wp-json\/wp\/v2\/posts\/73","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.virtualworlduk.co.uk\/wordp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.virtualworlduk.co.uk\/wordp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.virtualworlduk.co.uk\/wordp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.virtualworlduk.co.uk\/wordp\/wp-json\/wp\/v2\/comments?post=73"}],"version-history":[{"count":0,"href":"https:\/\/www.virtualworlduk.co.uk\/wordp\/wp-json\/wp\/v2\/posts\/73\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.virtualworlduk.co.uk\/wordp\/wp-json\/wp\/v2\/media?parent=73"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.virtualworlduk.co.uk\/wordp\/wp-json\/wp\/v2\/categories?post=73"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.virtualworlduk.co.uk\/wordp\/wp-json\/wp\/v2\/tags?post=73"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}