VMware

syslog from vCenter to loginsight

Has anyone seen any issues when pointing syslog towards their syslog server? I am using loginsight and have seen on two occasions when vCenter starts sending lots of logs and actually overwhelms the loginsight server. The last issue saw ~20 million log entries in one hour. Most of these logs were related to something on vCenter called vtsdb

​

Once Loginsight became unavailable, it seems like rsyslog started to see issues and began core dumping filling up its slice of the disk.

​

I had to disable remove syslog in vCenter, restart loginsight and then kill the core dump files. I am a little nervous to turn remote syslog on again…

​

This is the latest version of vCenter (7.0)


View Reddit by gshukinView Source

Related Articles

One Comment

  1. This wouldn’t be with one or more hosts running the original release of ESXi 6.7, would it?

    Regarding LogInsight, it can be architected to handle a vast number of updates. Its log archiving function, however, which requires a NAS connected can be overwhelmed and is next to useless as a separate instance of LI is recommended to process the archived logs and restoring those logs can take hours or days.

Leave a Reply

Your email address will not be published. Required fields are marked *

Close