Configuring a vMA Syslog Server

Simon Long has published a similar post, but it focused on ESXi 4.0; these instructions are designed for ESXi 4.1.
With the following instructions you should be able to configure the vSphere Management Assistant (vMA) appliance to be used as a remote log collection server for ESXi 4.1.
This is required because ESXi clears its logs when the host is rebooted, so a remote log collection server is needed for troubleshooting purposes.
To use this guide, you will need to have imported and configured the vSphere Management Assistant using the VMware guide.  Once done, you should be able to log on to the vMA using PuTTY and the userid:  vi-admin
Our vMA is configured using our normal password.
Set Time and Enable NTP
ESXi uses UTC for its time stamping (which cannot be changed) and ESXi defaults to PDT; it is therefore a good idea to set the vMA’s timezone to UTC.
Use the following commands to set the timezone to UTC and enable the NTP service at boot:
  • sudo rm /etc/localtime
  • sudo ln -s /usr/share/zoneinfo/UTC /etc/localtime
  • sudo chkconfig ntpd on
We now need to edit the ntp.conf file and replace the default servers with our internal NTP servers.  Use the following command to edit the file:
  • sudo nano /etc/ntp.conf
Look for the section that says:  # Use public servers from the project.
Below this section will be a list of three servers, place a # in front of each of them.  Then add a new line as:
  • server <domain controller FQDN>
Use CTRL+X and Y to save the file and exit nano.
Restart the ntpd service using the following command:
  • sudo /sbin/service ntpd restart
To check that the ntp service is working correctly and the server is listed, use the following command:
  • sudo ntpq -p
Change Keyboard Configuration
By default the keyboard of the vMA is configured for US; to change this, use the following command:
  • sudo nano /etc/sysconfig/keyboard
Change the KEYTABLES="us" entry to:  KEYTABLES="en"
Use CTRL+X and Y to save the file and exit nano.
Add Additional Storage to vMA
Shut down the vMA and add an additional disk to the appliance.  Usually around 20Gb-40Gb would be sufficient for this.  Power the vMA back on and then use the following process to make the additional storage usable:
Partition the new disk
  • sudo fdisk /dev/sdb
  • Press n to create a new partition
  • Press p to make the new partition primary
  • Press 1 to make the partition number 1
  • Use the default on the first and last cylinders
  • Press p to verify the partition table
  • Press w to write the partition table
When the partition table write process is complete, you will need to format the new disk:
  • sudo mkfs -t ext3 /dev/sdb1
Edit the /etc/fstab file using the following:
  • sudo nano /etc/fstab
Enter the following line to the file using tab to line up the entries:
  • /dev/sdb1     /var/log/syslog      ext3   defaults,auto 1      2
Use CTRL+X and Y to save the file and exit nano.
Make a new directory on the new disk:
  • sudo mkdir /var/log/syslog
Change the owner of the new directory to be the vi-admin account:
  • sudo chown vi-admin:root /var/log/syslog
Mount everything using the following command:
  • sudo mount -a
Verify that the mount is performed correctly by executing the following command:
  • sudo df -h
You should see an entry listed for /dev/sdb1 mounted as /var/log/syslog
Change vilogger Settings
The program within the vMA that performs the logging for us is called vilogger. It now needs to be configured to put the logs into the new directory that we have created.  This can be done in the following way:
  • sudo nano /etc/vmware/vMA/vMA.conf
Look through the file and change the entries between the three <location> </location> sections to read:
  • <location>/var/log/syslog</location>
Use CTRL+X and Y to save the file and exit nano.
Now we need to restart the vilogger daemon using the following command:
  • sudo service vmware-vilogd restart
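The time, storage and vilogger changes above can be checked in one pass before any hosts are added. The script below is an added example, not part of the original post: its function names are hypothetical, and it assumes each <location> element in vMA.conf sits on a single line.

```shell
#!/bin/sh
# Added example: post-change checks for the time, storage and vilogger steps.
# File arguments default to the page's paths so the functions can also be
# pointed at copies or constructed test files.

# Succeed if the localtime link ($1) points at the UTC zone file.
check_utc_link() {
    [ "$(readlink "${1:-/etc/localtime}")" = /usr/share/zoneinfo/UTC ]
}

# Succeed if directory $1 is mounted with filesystem type $2.
# $3 is a mounts table in /proc/mounts format.
check_mount() {
    awk -v d="$1" -v t="$2" \
        '$2 == d && $3 == t { ok = 1 } END { exit !ok }' "${3:-/proc/mounts}"
}

# Print each <location> value in a vMA.conf-style file, one per line.
# Assumes every <location>...</location> pair sits on a single line.
list_locations() {
    sed -n 's:.*<location>\(.*\)</location>.*:\1:p' "$1"
}

# Succeed only if the file has at least one <location> and all equal $2.
check_locations() {
    conf=$1 want=$2 bad=0 n=0
    for loc in $(list_locations "$conf"); do
        n=$((n + 1))
        if [ "$loc" != "$want" ]; then
            echo "location still set to: $loc" >&2
            bad=1
        fi
    done
    [ "$n" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Run all three checks against the live appliance and report each failure.
run_checks() {
    rc=0
    check_utc_link || { echo "FAIL: /etc/localtime is not UTC"; rc=1; }
    check_mount /var/log/syslog ext3 || { echo "FAIL: /var/log/syslog is not a mounted ext3 filesystem"; rc=1; }
    check_locations /etc/vmware/vMA/vMA.conf /var/log/syslog || { echo "FAIL: vMA.conf has a <location> outside /var/log/syslog"; rc=1; }
    return "$rc"
}
```

The mount check matters most: if /dev/sdb1 is not mounted, anything written to /var/log/syslog lands on the appliance's root filesystem instead of the dedicated disk.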
Enable Remote Logging
Now we move onto adding the servers to the vMA as targets and then enabling the logging from the targets.
List the existing servers that are added to the vMA using the following command:
  • vifp listservers
If your server is not listed then add the server to the vMA with:
  • sudo vifp addserver <fqdn of server>
Verify the server is listed by performing:  vifp listservers
To enable vilogging:
  • vilogger enable --server <fqdn of server> --numrotation 20 --maxfilesize 10 --collectionperiod 300
Viewing the Logs
It will take a little while for the logs to build up but you can check that the logs are being collected by using the following command:
  • dir /var/log/syslog/<fqdn of server>
To get a more realtime look at the log files you can use the following command:
  • tail -f /var/log/syslog/<fqdn of server>/vpxa.log
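
Checking one host by hand does not show when collection from another host has quietly stopped. The script below is an added example, not part of the original post: it relies on the /var/log/syslog/<fqdn of server> layout described above, its function names are hypothetical, and the 15-minute threshold (three of the 300-second collection periods) is an assumed value.

```shell
#!/bin/sh
# Added example: report hosts whose collected logs have stopped updating.

# Print the name of every host directory under $1 that contains no file
# modified within the last $2 minutes. The lost+found directory that ext3
# creates at the root of the new disk is skipped.
stale_hosts() {
    root=$1 max_min=$2
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        host=$(basename "$dir")
        [ "$host" = "lost+found" ] && continue
        if [ -z "$(find "$dir" -type f -mmin "-$max_min" | head -n 1)" ]; then
            echo "$host"
        fi
    done
}

# Return non-zero and list the silent hosts on stderr, so the function can
# be called from cron and alert on its exit status.
check_freshness() {
    stale=$(stale_hosts "$1" "$2")
    [ -z "$stale" ] && return 0
    echo "no new log data within $2 minutes from:" >&2
    echo "$stale" >&2
    return 1
}

# Typical call on the vMA (threshold is an assumption, see lead-in):
#   check_freshness /var/log/syslog 15
```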

An alternative method of viewing the logs is to download the log files to your local computer using a program such as WinSCP and then use Trace32 to view them.  Trace32 highlights warnings in yellow and errors in red, which makes viewing the log files a lot easier.
