I've followed the documentation, host can connect to remote log port using nc, but no logs are received. As a remote syslog I'm using Loki and Promtail which only supports RFC 5424.
Does ESXi ship this format? How the format can be changed?
Asked
Active
Viewed 607 times
0
Jan Zahradník
- 547
- 5
- 14
-
Remote port you mean 514 udp/tcp where `promtail` is listening for incoming syslog events? I don't know what version of netcat ESXi uses but I would do: `echo 'sourcehost message text' | openbsd-nc -n -N -u -w 0
514` and on host running `promtail` i would run wireshark to see what's going on. – Jiri B Mar 08 '21 at 09:50
1 Answers
1
This is probably not exactly what you wanted but you can always send to a syslog server like rsyslog and then forward from there.
The option RSYSLOG_SyslogProtocol23Format will ensure it's RFC5424:
action(type="omfwd" target="promtail-ip-adress" port="514" template="RSYSLOG_SyslogProtocol23Format" protocol="tcp")
Michael Hampton
- 237,123
- 42
- 477
- 940
Kai G
- 11
- 1