Typical ESXi syslog messages per day?

We’re seeing about 80k and we’ve looked into every documented log level setting we can find. Is this normal?

  1. We’ve been killing our SIEM, as I don’t believe there’s much of a way to tune the level of logs; the same logs go to all senders, and you want something like Log Insight (or your aggregator of choice) to get everything, which means the SIEM is getting everything.

    We’re considering having our aggregator send just the important bits to our SIEM, but I’m interested to know what others do!

    (Oh, and quantity will depend a fair bit on the workloads the hosts are running)

  2. Quantity will depend entirely on your environment and the version of ESXi that you’re running. We increased the volume of logs in recent releases in order to give better audit logging.

