Red Hat Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

  • Comments
    • Tags

    Trying to troubleshooting ESXi and vCenter logging to RHEL rsyslog server

    Posted on

    Trying to send logs from our production ESXi and VMWare vCenter to a RHEL6 x86_64 VM. I currently use this RHEL VM for all of my RHEL VMs to forward their logs to it via TCP and also have Logwatch running on it.

    I found this example online, however its for RHEL7. I wouldn't think it would matter at this point:

    https://thevirtualist.org/centralized-syslog-server-vsphere-environment-centos7-rsyslog/

    I made the following entries to /etc/rsyslog.conf

    $RuleSet local

DefaultRuleset local

    Restarted rsyslog daemon and got some errors and rsyslog stopped.


    [root@host etc]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@host etc]# tail -f /var/log/messages
Feb 26 12:26:09 host rsyslogd-3003: Could not find template 'TIMESTAMP' - action disabled
 [try http://www.rsyslog.com/e/3003 ]


[root@host etc]# tail -f /var/log/messages
Feb 26 12:26:09 host rsyslogd-3003: Could not find template 'TIMESTAMP' - action disabled
 [try http://www.rsyslog.com/e/3003 ]
Feb 26 12:26:09 host rsyslogd: the last error occured in /etc/rsyslog.d/vsphere.conf, line 19:"*.* ?REMOTEESX;TIMESTAMP"
Feb 26 12:26:09  rsyslogd: warning: selector line without actions will be discarded
Feb 26 12:26:09  rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Feb 26 12:26:09  rsyslogd: the last error occured in /etc/rsyslog.d/vsphere.conf, line 20:"}"
Feb 26 12:26:09  rsyslogd: warning: selector line without actions will be discarded
Feb 26 12:26:09  rsyslogd: the last error occured in /etc/rsyslog.conf, line 34:"$IncludeConfig /etc/rsyslog.d/*.conf"
Feb 26 12:26:09  rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
Feb 26 12:26:09  rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]

    Doing some troubleshooting, looks like rsyslog needs to be upgraded to a newer version?

    http://osengineer.blogspot.com/2014/01/install-rsyslog7-to-centos6.html

    If that is the case, just back up important files, remove old rsyslog and then install the newer version, correct?

    thanks

    by

    points

    Responses

    Red Hat LinkedIn YouTube Facebook X, formerly Twitter

    Quick Links

    Help

    Site Info

    Related Sites

    © 2026 Red Hat