PowerCLI: Configure/Enable Remote Syslog

[Updated ESXCLI call to v2 to reload syslog service]
Been spoiled w/ Log Insight, so didn't realize what I needed to do to get logs forwarded to Splunk Cloud from ESXi hosts.  Here is the script I wrote up to do so:

#Gets your list of hosts to configure for remote syslog.
$VMHosts = Get-VMHost
#$VMHosts = Get-Cluster MyCluster | Get-VMHost #Uncomment and comment line above if you want to target hosts in a cluster only.
#The remote syslog destination(s).
$SyslogValue = "tcp://192.168.123.5:514,udp://192.168.123.6:514"
#If Replace is set to true, will simply overwrite whatever is populated currently.  If False, then it will append.
$Replace = $true
#If ConfirmPreference is set to true, this script will ask you on every single host whether you want to make the change.  Set to $False, if you just want it to do it.
$ScriptConfirmPreference = $false

## Don't modify from here ##
$AdvancedSettings= $VMHosts | Get-AdvancedSetting| where {$_.name -match "syslog.global.loghost"}
Foreach ($AdvancedSetting in $AdvancedSettings)
    {
    If (!$AdvancedSetting.Value) {$AdvancedSetting| Set-AdvancedSetting-Value $SyslogValue-Confirm:$ScriptConfirmPreference}
    $CLI = $AdvancedSetting.Entity | Get-EsxCli -V2
    Switch ($Replace)
        {
        $True
            {
            $AdvancedSetting | Set-AdvancedSetting -Value $SyslogValue -Confirm:$ScriptConfirmPreference
            $AdvancedSetting.Entity | Get-VMHostFirewallException| where {$_.Name -eq "syslog"} | Set-VMHostFirewallException-Enabled $true
            $CLI.system.syslog.reload.invoke()
            }
        $False
            {
            If ($AdvancedSetting.value -match $SyslogValue)
            {Write-Host-ForegroundColor:Orange"$($AdvancedSetting.Entity) has a current value of $($AdvancedSetting.value), which seems to contain this value: $($SyslogValue).  Replace switch is false, so this script will not change it."}
            Else {$AdvancedSetting| Set-AdvancedSetting-Value ($AdvancedSetting.value + "," + $SyslogValue) -Confirm:$ScriptConfirmPreference}
            $AdvancedSetting.Entity | Get-VMHostFirewallException| where {$_.Name -eq "syslog"} | Set-VMHostFirewallException-Enabled $true
            $CLI.system.syslog.reload.invoke()
            }
       
        }

    }

Comments

Post a Comment

Popular posts from this blog

NSX-T: vCenter and NSX-T Inventory out of Sync (Hosts in vSphere not showing up in NSX-T)

Image
Summary: NSX-T loses synch w/ vCenter inventory, but statuses don't appear to show an issue.  Basically, you add a host to a vCenter cluster, NSX-T bits should start to automatically installing on new host.  Assuming you've created a Transport Node Profile and associated w/ the cluster.  The problem is that NSX-T doesn't see the new host and its link to the compute manager (vCenter) looks fine. Looks fine, Y U NO WORK!? So what's going on here?  This appears to affect NSX-T 2.5 and 2.5.1.  Cause is unknown. Workaround: Restart the cm-inventory service on each NSX-T mgmt/controller node using API or CLI. Details: If you were to query the status of the cm-inventory via API or CLI, you could query all 3 manager/controller nodes and get a status of running.  Even if the primary node associated w/ the VIP, if configured, is not necessarily in charge of inventory.  So you could restart the cm-inventory service till you are blue in the face and get nowhere be
Read more

MacOS: AnyConnect VPN client was unable to successfully verify the IP forwarding table modifications.

Image
The VPN client was unable to successfully verify the IP forwarding table modification.  A VPN connection will not be established. Summary: I started running into issue utilizing Cisco AnyConnect on my Mac basically complaining about not able to overwrite IP forwarding tables.  This was on 4.6.x.  Since my VPN endpoints were not providing me w/ an updated client and w/ no access to Cisco Anyconnect downloads, my only option was to try openconnect.  It was totally worth it, here is why and how to set it up. PreReqs: Homebrew Installing OpenConnect: Launch MacOS Terminal brew install openconnect Getting VPN IP's/DNS Endpoints from AnyConnect: The information is typically located in your profile xml files located here: /opt/cisco/anyconnect/profile/somethingsomething.xml In the xml file, you are looking for "<HostAddress>typicallyaDNSName.com</HostAddress>" entry.  These are your VPN endpoints that you would need to pass to openconnect. Using
Read more

Azure VMware Solution: NSX-T Active/Active T0 Edges...but

Image
Summary: Azure VMware Solution (AVS) delivers by default w/ a pair of redundant Large NSX-T Edge VM's each running a T0 in active/active mode.  So why is my traffic only going out one Edge VM? Short answer: The default T1 that is delivered w/ AVS is an active/passive T1 where you connect your workloads to.  So while it could technically take either T0, it's always going to go out the closest T0 to the active "SR" T1.  Where do the SR's live?  You guessed it, on the Edge VM's.  As you can imagine, this can lead to a bottleneck if you try to shove all your traffic through a single Edge VM. Simple Diagram: Longer answer with Options:
Read more