• You have configured an ESXi 5.x host's syslog service to route system log streams to a remote syslog server using any of the methods described in Configuring syslog on ESXi 5.x (2003322).
   
• An ESXi 5.x host stops sending logs to a remote syslog server.
   
• You see the event message:
  
  esx.problem.vmsyslogd.remote.failure
   
• In the /var/log/vobd.log file, you see entries similar to:
  
  [UserLevelCorrelator] nnnnnnnnus: [vob.user.vmsyslogd.remote.failure] The host "10.11.12.13:514" has become unreachable. Remote logging to this host has stopped.

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

This event indicates that the ESXi syslog service vmsyslogd stopped sending messages to a remote syslog server. This issue may occur if:

• The network connection has been interrupted.
• The remote host has closed the connection.
• A firewall is preventing the logs from being sent.
• The remote syslog server is not available.

Reason for disconnection

1. Review the log file /var/log/.vmsyslogd.err on the ESXi host to identify the timeframe and any cited reason for connection failure from the perspective of the ESXi host vmsyslogd service.
    
2. Determine whether the ESXi host is correctly configured to send logs to the remote syslog server. For more information, see Configuring syslog on ESXi 5.x (2003322).
    
3. Determine whether the remote syslog server logs agree with the timeframe for the connection failure. Identify any cited reason for the connection failure from the perspective of the remote syslog server.
    
4. Determine whether the network connection path between the ESXi host and the remote syslog server experienced a temporary or permanent interruption.
    
5. Determine whether the ESXi host logs have resumed flowing from to the remote syslog server automatically.
    

Automatic Reconnection

In some versions of vSphere ESXi, the syslog service automatically reconnects to the remote syslog server after a network interruption. It is recommended to apply one of the following patch levels to ensure persistence of logging. If updating or patching ESXi is not an option, continue with steps in the Manual Reconnection section.

• For UDP syslog traffic:
   
  • vSphere ESXi 5.0 build 768111 or higher. For more information, see VMware ESXi 5.0, Patch ESXi-5.0.0-20120704001-standard (2019113).
  • vSphere ESXi 5.1 build 799733 or higher. For more information, see VMware vSphere 5.1 Release Notes.
  • vSphere ESXi 5.5 build 1331820 or higher. For more information, see VMware vSphere 5.5 Release Notes.
• For TCP syslog traffic:
   
  • vSphere ESXi 5.0 build 1489271 or higher. For more information, see VMware ESXi 5.0, Patch Release ESXi500-201401001 (2065814).
  • vSphere ESXi 5.1 build 1483097 or higher. For more information, see VMware ESXi 5.1 Update 2 Release Notes.
  • vSphere ESXi 5.5 build 1331820 or higher. For more information, see VMware vSphere 5.5 Release Notes.
  
  You can download the latest vSphere 5.1 and vSphere 5.5 releases from the VMware Download Center.
   

Manual Reconnection

If the vSphere ESXi syslog service does not automatically re-establish the connection to the remote syslog server, reconnect manually.

To reconnect manually:

1. Open the local or remote ESXi Shell. For more information, see Using ESXi Shell in ESXi 5.x (2004746).
    
2. Reload the syslog server by running the command:
   
   esxcli [--server hostname --user username] system syslog reload
   
   Note: If the esxcli system syslog reload command returns the error Failed to signal reload to vmsyslogd, then the vmsyslogd process is likely not running. Continue with steps in the Starting Service section.
    

Starting the service

If the vSphere ESXi syslog service is not running correctly or has exited, start the service.

To start the syslog service:

1. Open the local ESXi Shell on the affected ESXi host. For more information, see Using ESXi Shell in ESXi 5.x (2004746).
    
2. Validate that the syslog service daemon vmsyslogd is not running by running the command:
   
   ps -Cuv | grep vmsyslogd
    
3. If the command does not return a result, start the syslog service daemon by running the command:
   
   /usr/lib/vmware/vmsyslog/bin/vmsyslogd
    
4. Load the syslog configuration by running the command:
   
   esxcli system syslog reload
    

Additional Information

• 日本語: VMware ESXi 5.x ホストがリモート サーバへの syslog の送信を停止する (2093507)
• 简体中文: VMware ESXi 5.x 主机停止向远程服务器发送 syslog (2097870)