Last active
January 20, 2023 19:42
-
-
Save dnozay/9352804 to your computer and use it in GitHub Desktop.
syslog (port 10514) firewall configuration for vSphere
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| goal | |
| ---- | |
| The goal is send syslog traffic to a remote host and use unpriviledged ports; | |
| so that I can have my logstash (http://logstash.net/) server not need to | |
| run as root. On vSphere 5.1, tcp 1514 is covered by the syslog rule, but | |
| in my case udp is preferred. | |
| installation | |
| ------------ | |
| scp the xml file into /etc/vmware/firewall | |
| # reload firewall settings from disk | |
| esxcli network firewall unload | |
| esxcli network firewall load | |
| # enable the outbound syslog traffic on port 10514 | |
| esxcli network firewall ruleset set -e true -r syslogPort10514 | |
| # (optional) disable outbound traffic on default port | |
| esxcli network firewall ruleset set -e false -r syslog | |
| # configure remote syslog host. AFAIK, when using tcp, it does not reopen | |
| # a connection if the connection drops, which happens when bringing | |
| # e.g. logstash server down and back up; so use UDP. | |
| esxcli system syslog config set --loghost udp://someipaddress:10514 | |
| # reload configuration | |
| esxcli system syslog reload | |
| # test message | |
| esxcli system syslog mark -s "test log" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- /etc/vmware/firewall/syslogPort10514.xml --> | |
| <!-- remote syslog configuration --> | |
| <ConfigRoot> | |
| <service> | |
| <id>syslogPort10514</id> | |
| <rule id='0000'> | |
| <direction>outbound</direction> | |
| <protocol>udp</protocol> | |
| <porttype>dst</porttype> | |
| <port>10514</port> | |
| </rule> | |
| <rule id='0001'> | |
| <direction>outbound</direction> | |
| <protocol>tcp</protocol> | |
| <porttype>dst</porttype> | |
| <port>10514</port> | |
| </rule> | |
| <enabled>false</enabled> | |
| <required>false</required> | |
| </service> | |
| </ConfigRoot> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks. Helped me out to configure my ESXI 7.x host. Credit added to my internal wiki!