PowerCLI: Configure/Enable Remote Syslog

[Updated ESXCLI call to v2 to reload syslog service]
Been spoiled w/ Log Insight, so didn't realize what I needed to do to get logs forwarded to Splunk Cloud from ESXi hosts.  Here is the script I wrote up to do so:

#Gets your list of hosts to configure for remote syslog.
$VMHosts = Get-VMHost
#$VMHosts = Get-Cluster MyCluster | Get-VMHost #Uncomment and comment line above if you want to target hosts in a cluster only.
#The remote syslog destination(s).
$SyslogValue = "tcp://192.168.123.5:514,udp://192.168.123.6:514"
#If Replace is set to true, will simply overwrite whatever is populated currently.  If False, then it will append.
$Replace = $true
#If ConfirmPreference is set to true, this script will ask you on every single host whether you want to make the change.  Set to $False, if you just want it to do it.
$ScriptConfirmPreference = $false

## Don't modify from here ##
$AdvancedSettings= $VMHosts | Get-AdvancedSetting| where {$_.name -match "syslog.global.loghost"}
Foreach ($AdvancedSetting in $AdvancedSettings)
    {
    If (!$AdvancedSetting.Value) {$AdvancedSetting| Set-AdvancedSetting-Value $SyslogValue-Confirm:$ScriptConfirmPreference}
    $CLI = $AdvancedSetting.Entity | Get-EsxCli -V2
    Switch ($Replace)
        {
        $True
            {
            $AdvancedSetting | Set-AdvancedSetting -Value $SyslogValue -Confirm:$ScriptConfirmPreference
            $AdvancedSetting.Entity | Get-VMHostFirewallException| where {$_.Name -eq "syslog"} | Set-VMHostFirewallException-Enabled $true
            $CLI.system.syslog.reload.invoke()
            }
        $False
            {
            If ($AdvancedSetting.value -match $SyslogValue)
            {Write-Host-ForegroundColor:Orange"$($AdvancedSetting.Entity) has a current value of $($AdvancedSetting.value), which seems to contain this value: $($SyslogValue).  Replace switch is false, so this script will not change it."}
            Else {$AdvancedSetting| Set-AdvancedSetting-Value ($AdvancedSetting.value + "," + $SyslogValue) -Confirm:$ScriptConfirmPreference}
            $AdvancedSetting.Entity | Get-VMHostFirewallException| where {$_.Name -eq "syslog"} | Set-VMHostFirewallException-Enabled $true
            $CLI.system.syslog.reload.invoke()
            }
       
        }

    }

Comments

Post a Comment

Popular posts from this blog

Misc: Navien NPE-240A Navilink App missing scheduling function

Image
NPE-240A Summary: Just had a new tankless water heater installed in my house to replace a failing 22 year-old 50 gallon tank.  Couldn't be happier w/ my new tankless, but was dealing with weirdness on the Navilink app to control/view my new Navien .  The app's scheduling function (for the recirculation pump) was missing. Solution: NR-20DU Disconnect NR-20DU remote controller. (if you want to schedule via App) *DIP Switches need to be set properly as well. In my case, w/ a bridge valve in my furthest faucet, is considered "External Recirculation". Check w/ your plumber for proper settings, they set mine properly. If you are in the Atlanta area, I highly recommend Plumbing Express LLC . Ask for Jonathan DeWeese. For reference only, these were set correctly by my plumber for my setup. DIP Switch 1 Off, 2 On.  (Internal Recirculation would be the opposite) Parameter 18 set to On (This is to enable Navilink ) These settings are detailed out in t...
Read more

iOS: Sleep Focus activating on wrong time zone

Image
Time is Relative Summary: For some strange reason, my sleep focus, was activating based upon my home timezone of EST while traveling to Japan and Australia.  My phone's timezone was correct as was my apple watch that is set to mirror my iPhone. [ Update:   While resolution below may help in some situations, I found my issue to be that I left a device (macbook pro) logged in and running in my home timezone while in Australia. It seems that there is no 'primary' controller for initializing focus modes.  It's basically whatever device sends the "It's focus time" message.  Which now explains why I has having such issues. So Apple needs to fix this by defining a primary device (should be my iPhone/Apple Watch IMYHO) so weird people like me who have multiple devices can get proper sleep outside my home timezone. ] Workaround/Resolution: Check if you have another other Apple device logged in with your Apple ID in your home location.  Chances are, if you do, that ...
Read more

VMware | AVS: Content Library or Non vCenter objects on VSAN produces unassociated but valid objects

Image
Summary: Creating or Subscribing to a Content Library on vSAN is typical practice, but the annoying side effect?  Objects created on vSAN datastore that show up as "unassociated" objects and guess what, they simply inherit the Cluster's default VSAN policy at time of import.  Yeah, dumb right?  Also, by vSAN Operations Guide Standards section 6721 subsection 4 , you shouldn't do this. So then what? In Azure VMware Solution(AVS) , you have a couple of options.  You can do what the operations guide tells you that you shouldn't do or you can do something better.  Regardless of these options, the one thing you should do, is create a global content library.   Create Global Content Library:  here are instructions to create one on an Azure blob store. You should do this, makes life easier if you can. Also a fun little experiment to play w/ Azure Functions Centralized Storage of your ISO/OVF's etc. Attach external storage (Not necessary, but I'll explain ...
Read more