Configure VMware syslogs for Azure VMware Solution

Diagnostic settings are used to configure streaming export of platform logs and metrics for a resource to the destination of your choice. You can create up to five different diagnostic settings to send different logs and metrics to independent destinations.

In this article, learn how to configure a diagnostic setting to collect VMware syslogs for your Azure VMware Solution private cloud. Then, learn how to store the syslog to a storage account to view the vCenter Server logs and analyze for diagnostic purposes.

Important

The VMware syslogs contains the following logs:

• vCenter Server logs
• ESXi logs
• vSAN logs
• NSX Manager logs
• NSX Distributed Firewall logs
• NSX Gateway Firewall logs
• NSX Edge Appliance logs

Prerequisites

Make sure you have an Azure VMware Solution private cloud with access to the vCenter Server and NSX Manager interfaces.

Configure diagnostic settings

1. From your Azure VMware Solution private cloud, select Diagnostic settings, then Add diagnostic settings.

1. Select the vmwaresyslog, All metrics, and select one of the following options presented.

Send to Log Analytics workspace

How to set up Log Analytics

A Log Analytics workspace:

• Contains your Azure VMware Solution private cloud logs.

• Is the workspace from which you can take desired actions, such as querying for logs.

In this section, you’ll:

• Configure a Log Analytics workspace

• Create a diagnostic setting in your private cloud to send your logs to this workspace

Create a resource

1. In the Azure portal, go to Create a resource.
2. Search for “Log Analytics Workspace” and select Create -> Log Analytics Workspace.

Set up your workspace

1. Enter the Subscription you intend to use, the Resource Group chosen to house this workspace. Give it a name and select a region.
2. Select Review + Create.

Add a diagnostic setting

Next, we add a diagnostic setting in your Azure VMware Solution private cloud, so it knows where to send your logs to.

1. Select your Azure VMware Solution private cloud. Go to Diagnostic settings on the left-hand menu under Monitoring. Select Add diagnostic setting.

2. Give your diagnostic setting a name. Select the log categories you're interested in sending to your Log Analytics workspace.

3. Make sure to select the checkbox next to Send to Log Analytics workspace. Select the Subscription your Log Analytics workspace lives in and the Log Analytics workspace. Select Save on the top left.

At this point, your Log Analytics workspace is now successfully configured to receive logs from your Azure VMware Solution private cloud.

Search and analyze logs using Kusto

Now that you successfully configured your logs to go to your Log Analytics workspace, you can use that data to gain meaningful insights with the Log Analytics search feature. Log Analytics uses a language called the Kusto Query Language (or Kusto) to search through your logs.

For more information, see Data analysis in Azure Data Explorer with Kusto Query Language.

Archive to storage account

1. In Diagnostic setting, select the storage account where you want to store the logs and select Save.

2. Go to your Storage accounts, verify Insight logs vmwarelog was created, and select it.

3. Browse Insight logs vmwarelog to locate and download the json file to view the logs.

Stream to Microsoft Azure Event Hubs

1. In Diagnostic setting, under Destination details, select Stream to an Event Hub.
2. From the Event Hub namespace drop-down menu, choose where you want to send the logs, select, and Save.