After upgrading an environment from ESX5 to ESX5U1, I noticed syslog stopped working. Since ESXi by default does not keep log messages across reboots, it is a must to either specify a syslog server to collect the log files, or set the log directory to a shared datastore.
In this environment I used syslog to log all messages from the ESX hosts to a central syslog server.
When checking the syslog server after the upgrade, I noticed there were no more log messages arriving at the syslog server, and confirmed there used to be log messages just prior to the upgrade.
When I checked the VMware ESXi 5.0 Update 1 Release Notes, I noticed the following “bug fix”:
Logs are written to syslog server even if syslog firewall rule-set is not enabled on an ESXi host
This issue is resolved in this release.
So what does this mean?
Apparently, prior to ESX5U1, sending syslog messages to a syslog server was always allowed, even if the firewall rules to enable this were not enabled.
So when this was “fixed”, syslog did not work without explicitly enabling this rule, which caused syslog to stop working (if, of course, the rule was not already enabled prior to the upgrade).
So please remember, if you upgrade ESX5 to ESX5U1, to check if syslog is allowed outbound in the ESX firewall rules:
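The same check can be scripted from the ESXi shell. The script below is an added example, not part of the original post: it reports whether a remote syslog target is configured while the outbound `syslog` ruleset is disabled. The function names, the sample output and the host `loghost.example.com` are constructed for illustration; off-host it falls back to the embedded sample.

```shell
# Added example: flag a remote syslog target blocked by a disabled "syslog" ruleset.
# Constructed sample output, used when esxcli is not available (off-host).
SAMPLE_RULESETS='Name                Enabled
------------------  -------
sshServer              true
syslog                false
vSphereClient          true'
SAMPLE_SYSLOG='   Log Output: /scratch/log
   Log To Unique Subdirectory: false
   Remote Host: udp://loghost.example.com:514'

# Reads `esxcli network firewall ruleset list` on stdin; prints the state of ruleset $1.
ruleset_state() {
    awk -v name="$1" '
        $1 == name { print ($2 == "true" ? "enabled" : "disabled"); found = 1 }
        END { if (!found) print "missing" }'
}

# Reads `esxcli system syslog config get` on stdin; prints the remote target, if any.
# Assumption: an unset target is shown as "<none>".
remote_host() {
    sed -n 's/^ *Remote Host: *//p' | grep -v '^<none>$' || true
}

# audit RULESETS SYSLOGCFG: prints NO_REMOTE, OK or BLOCKED.
audit() {
    target=$(printf '%s\n' "$2" | remote_host)
    state=$(printf '%s\n' "$1" | ruleset_state syslog)
    if [ -z "$target" ]; then echo NO_REMOTE
    elif [ "$state" = enabled ]; then echo OK
    else echo BLOCKED
    fi
}

if command -v esxcli >/dev/null 2>&1; then
    rules=$(esxcli network firewall ruleset list)
    cfg=$(esxcli system syslog config get)
else
    rules=$SAMPLE_RULESETS; cfg=$SAMPLE_SYSLOG
fi
verdict=$(audit "$rules" "$cfg")
echo "syslog forwarding: $verdict"
if [ "$verdict" = BLOCKED ]; then
    echo "fix: esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true"
    echo "     esxcli network firewall refresh; esxcli system syslog reload"
fi
```

The script only reports; the printed `esxcli` commands are what enables the ruleset and reloads the syslog service.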