ESXi hosts which are booting from SAN or USB flash media do not have a permanent scratch location. Instead a path /tmp/Scratch will be mapped into their RAMdisk. That has a big disadvantage, because after a reboot all logs are lost. Especially for troubleshooting this is a real problem.Continue reading “Move ESXi scratch location”
Setting up syslog export on Brocade FC-Switches
Browsing through logs of many different devices can be a cumbersome duty. It is much better to aggregate logs from different devices on a dedicated syslog server. To make this possible, a syslog server needs to be registered on the device.
I will show here how to configure a Brocade FibeChannel switch that it will send logs to a syslog server.
- FOS 7.4 or higher
- Access to CLI (serial or SSH)
Register IP address of syslog server on switch.
syslogadmin --set -ip <syslogserver>
To check status, use the show command.
syslogadmin --show -ip
To revert settings and deregister syslog server from switch use command:
syslogadmin --remove -ip <syslogserver>
Timesync with a NTP source is crucial in order to correlate events precisely. Therefore we need to register a NTP server on the (principal) switch.
Choosing the local timezone is best in interactive mode.
Using Log Insight as Syslog Server for HPE 5000 series Switches
In one of my last posts I’ve shown how to collect and monitor status logs of many different systems wit vRealize Log Insight. In this post I will show how to leverage Log Insight as syslog target for HPE switches.
Basically you can use Log Insight for any system that uses the syslog protocol, but there might be slight differences in the data structure of the transmitted datasets. For example some HPE FlexFabric 5000 series switches sent the year of the timestamp where Log Insight expected to find the hostname. Not very useful, because you want to know WHO sent that dataset.
The following commands on the switch shell will prepare the switch for logging to a remotehost and adjust the dataset to read properly by Log Insight. Finally you tell the switch which VLAN interface should be used to communicate with the loghost. In my simple example it’s VLAN interface 1. You’ll have to adjust values for loghost and interface according to your infrastructure.
system-view info-center enable info-center loghost s-vlog.mydomain.local port 514 info-center timestamp loghost no-year-date info-center loghost source Vlan-interface 1
Syslog Server – a time saving tool
Today I’m writing about a use case, which is not very popular amongst IT professionals. Troubleshooting by parsing system logs. Sounds attractive as a dental surgery.
Almost any system and any component logs events, warnings and errors into some kind of internal log. Emphasis is on any and internal, because that’s part of the problem. Log information isn’t usually easy accessible. And once you’ve copied all logs to a common location, you need to scroll through it by a text editor. This is cumbersome and tricky. If you – for example – have to align events from a server with events from a switch, you’ll need multiple steps to achieve it. A very time-consuming procedure. If you have bad luck (Murphy says, you will..), one of the components is unavailable, because an error occurred. No log – no analysis. Continue reading “Increase efficiency with vRealize Log Insight”