A similar post has been posted by Simon Long but this focused on ESXi 4.0, these instructions are designed for ESXi 4.1.

With the following instructions you should be able to configure the vSphere Management Assistant (vMA) appliance to be used as a remote log collection server for ESXi 4.1.

The reason this is required is because ESXi clears its logs when the host is rebooted, for troubleshooting purposes, a remote log collection server is required.

To use this guide, you will need to have imported and configured the vSphere Management Assistant using the VMware guide.  Once done, you should be able to log onto the vMA using Putty and the userid:  vi-admin

Our vMA is configured using our normal password.

ESXi uses UTC for its time stamping (which cannot be changed) and ESXi defaults to PDT, it is therefore a good idea to set the vMA’s timezone to be UTC.

Use the following commands to set the timezone to be UTC:

• Sudo rm /etc/localtime
• Sudo ln –s /usr/share/zoneinfo/UTC /etc/localtime
• Sudo chkconfig ntpd on

We now need to edit the ntp.conf file and replace the default ntp.org servers with our internal NTP servers.  Use the following command to edit the file:

• Sudo nano /etc/ntp.conf

Look for the section that says:  # Use public servers from the pool.ntp.org project.

Below this section will be a list of three servers, place a # in front of each of them.  Then add a new line as:

• Server <domain controller FQDN>

Use CTRL+X and Y to save the file and exit nano.

Restart the ntpd service using the following command:

• Sudo /sbin/service ntpd restart

To check that the ntp service is working correctly and the server is listed, use the following command:

• Sudo ntpq –p

By default the keyboard of the vMA is configured for US, to change this use the following command:

• Sudo nano /etc/sysconfig/keyboard

Change the ‘KEYTABLES=”us”’ entry to:  KEYTABLES=”en”

Use CTRL+X and Y to save the file and exit nano.

Shutdown the vMA and add an additional disk to the appliance.  Usually around 20Gb-40Gb would be sufficient for this.  Power the vMA back on and then use the following process to make the additional storage usable:

Format the new disk

• Sudo fdisk /dev/sdb
• Press n to create a new partition
• Press p to make the new partition primary
• Press 1 to make the partition number 1
• Use the default on the first and last cylinders
• Press p to verify the partition table
• Press w to write the partition table

When the partition table write process is complete, you will need to format the new disk:

• Sudo mkfs –t ext3 /dev/sdb1

Edit the /etc/fstab file using the following:

• Sudo nano /etc/fstab

Enter the following line to the file using tab to line up the entries:

• /dev/sdb1     /var/log/syslog      ext3   defaults,auto 1      2

Use CTRL+X and Y to save the file and exit nano.

Make a new directory on the new disk:

• Sudo mkdir /var/log/syslog

Change the owner of the new directory to be the vi-admin account:

• Sudo chown vi-admin:root /var/log/syslog

Mount everything using the following command:

• Sudo mount –a

Verify that the mount is performed correctly by executing the following command:

• Sudo df –h

You should see an entry listed for /dev/sdb1 mounted as /var/log/syslog

The program within the vMA that is used to perform the logging for us is called vilogger, this now needs to be configured to put the logs into the new folder that we have created.  This can be done in the following way:

• Sudo nano /etc/vmware/vMA/vMA.conf

Look through the file and change the entries between the three <location> </location> sections to read:

• <location>/var/log/syslog</location>

Use CTRL+X and Y to save the file and exit nano.

Now we need to restart the vilogger daemon using the following command:

• Sudo service vmware-vilogd restart

Now we move onto adding the servers to the vMA as targets and then enabling the logging from the targets.

List the existing servers that are added to the vMA using the following command:

• Vifp listservers

If your server is not listed then add the server to the vMA with:

• Sudo vifp addserver <fqdn of server>

Verify the server is listed by performing:  vifp listservers

To enable vilogging:

• Vilogger enable –server <fqdn of server> –numrotation 20 –maxfilesize 10 –collectionperiod 300

It will take a little while for the logs to build up but you can check that the logs are being collected by using the following command:

• Dir /var/log/syslog/<fqdn of server>

To get a more realtime look at the log files you can use the following command:

• Tail –f /var/log/syslog/<fqdn of server>/vpxa.log

An alternative method of viewing the logs is to download the log files to your local computer using a program such as WinSCP and then use Trace32 to view the log files.  By using Trace32, it will highlight in Yellow for warning items and Red when it is an error, this makes the viewing of log files a lot easier.