
ESXi

VMware best practices dictate that ESXi virtualization hosts should have their logs stored remotely. ESXi supports sending log data to a remote log collector via the syslog protocol, which allows Papertrail to ingest it.

Prepare firewall

Connecting to Papertrail requires opening a new outgoing firewall rule, which can only be performed by SSHing to the ESXi host itself. Once the SSH service has been started via the “Security Policy” section of the VMware client, log in and run the following command to generate a new firewall rule:

$ cat <<EOF > /etc/vmware/firewall/papertrail.xml
<ConfigRoot>
  <service id='1000'>
    <id>Papertrail</id>
    <rule>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>XXXXX</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
EOF

where XXXXX is the port number shown under log destinations.

Once that’s done, refresh the firewall configuration using:

$ esxcli network firewall refresh

Note that these new rules will not persist across a reboot unless they are applied via a vSphere Installation Bundle (VIB). A custom VIB can be created by following the instructions in this VMware Knowledge Base article.

Enable syslog

Once the firewall is ready, configure remote syslog using:

$ esxcli system syslog config set --loghost='ssl://logsN.papertrailapp.com:XXXXX'
$ esxcli system syslog reload

where logsN and XXXXX are the name and port number shown under log destinations.

Certificate verification

To secure the syslog traffic against man-in-the-middle attacks, enable certificate verification.

Starting with ESXi 6.0 Update 3, certificate verification is enforced regardless of the --check-ssl-certs setting. If the following steps are skipped, /var/log/.vmsyslogd.err reports SSL certificate verification failed, and no logs are forwarded to Papertrail.


To install Papertrail’s root certificate bundle, download papertrail-bundle.pem, and append the contents to /etc/vmware/ssl/castore.pem.

If the ESXi host is managed by vCenter, trusted root certificates are controlled by the Platform Services Controller. After downloading papertrail-bundle.pem, follow these instructions instead:

Finally, after using either technique to install Papertrail’s root certificate bundle, enable certificate verification:

$ esxcli system syslog config set --check-ssl-certs=true
$ esxcli system syslog reload
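
The following consistency check is an added example, not code from Papertrail or VMware: it confirms that a --loghost value uses ssl:// with a real port number and that the firewall rule file allows outbound TCP to that same port. The function names, the host logs0.example.com and the port 12345 are constructed for illustration, and a single loghost value is assumed.

```sh
#!/bin/sh
# Added example, not Papertrail or VMware code; function names are hypothetical.

# Print the port of a single scheme://host:port loghost value (empty if none).
loghost_port() {
    printf '%s\n' "$1" | sed -n 's#^[a-z]*://[^:/]*:\([0-9][0-9]*\)$#\1#p'
}

# Return 0 only if the loghost uses ssl:// and the rule file allows outbound
# TCP to the same destination port. Plain text match, not an XML parser.
check_papertrail_config() {
    fw_xml=$1
    loghost=$2
    case $loghost in
        ssl://*) ;;
        *) echo "FAIL: loghost is not ssl://, logs would leave without TLS"; return 1 ;;
    esac
    port=$(loghost_port "$loghost")
    if [ -z "$port" ]; then
        echo "FAIL: no numeric port in '$loghost' (placeholder left in?)"; return 1
    fi
    for want in "<direction>outbound</direction>" "<protocol>tcp</protocol>" \
                "<porttype>dst</porttype>" "<port>$port</port>" \
                "<enabled>true</enabled>"; do
        if ! grep -qF "$want" "$fw_xml"; then
            echo "FAIL: $fw_xml lacks $want"; return 1
        fi
    done
    echo "OK: ssl loghost on port $port matches the firewall rule"
}

# Constructed sample: the rule file from the firewall step with made-up port 12345.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<ConfigRoot><service id='1000'><id>Papertrail</id><rule>
<direction>outbound</direction><protocol>tcp</protocol>
<porttype>dst</porttype><port>12345</port></rule>
<enabled>true</enabled><required>false</required></service></ConfigRoot>
EOF
check_papertrail_config "$sample" 'ssl://logs0.example.com:12345'
```

A udp:// or tcp:// loghost, a leftover XXXXX placeholder, or a port that differs from the firewall rule each make the function return non-zero.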