@dnozay
Last active January 20, 2023 19:42
syslog (port 10514) firewall configuration for vSphere
goal
----
The goal is to send syslog traffic to a remote host over an unprivileged port,
so that my logstash (http://logstash.net/) server does not need to run as root.
On vSphere 5.1, tcp 1514 is covered by the built-in syslog rule, but in my
case udp is preferred.
installation
------------
scp the xml file into /etc/vmware/firewall
# reload firewall settings from disk
esxcli network firewall unload
esxcli network firewall load
# enable the outbound syslog traffic on port 10514
esxcli network firewall ruleset set -e true -r syslogPort10514
# (optional) disable outbound traffic on default port
esxcli network firewall ruleset set -e false -r syslog
# configure remote syslog host. AFAIK, when using tcp, it does not reopen
# a connection if the connection drops, which happens when bringing
# e.g. logstash server down and back up; so use UDP.
esxcli system syslog config set --loghost udp://someipaddress:10514
# reload configuration
esxcli system syslog reload
# test message
esxcli system syslog mark -s "test log"
<!-- /etc/vmware/firewall/syslogPort10514.xml -->
<!-- remote syslog configuration -->
<ConfigRoot>
  <service>
    <id>syslogPort10514</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>udp</protocol>
      <porttype>dst</porttype>
      <port>10514</port>
    </rule>
    <rule id='0001'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>10514</port>
    </rule>
    <enabled>false</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
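A small check worth running before the scp step: parse the ruleset XML and confirm every rule is outbound-only and uses an unprivileged port, and that the ruleset ships disabled so it is only switched on by the esxcli command above. This is an added example, not part of the gist; the embedded XML is a constructed copy of syslogPort10514.xml, and the `<id>`-matches-file-name check follows the gist's naming convention.

```python
# Sanity-check a custom ESXi firewall ruleset XML before copying it into
# /etc/vmware/firewall: flags rules that are not outbound-only or that
# use a privileged port. Added example; the sample XML below is a
# constructed copy of the gist's syslogPort10514.xml.
import xml.etree.ElementTree as ET

SAMPLE_XML = """<ConfigRoot>
  <service>
    <id>syslogPort10514</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>udp</protocol>
      <porttype>dst</porttype>
      <port>10514</port>
    </rule>
    <rule id='0001'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>10514</port>
    </rule>
    <enabled>false</enabled>
    <required>false</required>
  </service>
</ConfigRoot>"""

REQUIRED = ("direction", "protocol", "porttype", "port")

def validate_ruleset(xml_text, expected_id, min_port=1024):
    """Return a list of problems; an empty list means the file looks sane."""
    problems = []
    root = ET.fromstring(xml_text)
    for svc in root.findall("service"):
        if svc.findtext("id") != expected_id:
            problems.append("service <id> does not match the expected ruleset id")
        if svc.findtext("enabled") != "false":
            problems.append("ship disabled; enable it with esxcli after loading")
        for rule in svc.findall("rule"):
            rid = rule.get("id", "?")
            missing = [t for t in REQUIRED if rule.find(t) is None]
            if missing:
                problems.append(f"rule {rid}: missing {missing}")
                continue
            if rule.findtext("direction") != "outbound":
                problems.append(f"rule {rid}: not outbound, would open a listener")
            if int(rule.findtext("port")) < min_port:
                problems.append(f"rule {rid}: privileged port")
    return problems
```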
@Kilthor
Kilthor commented Oct 16, 2021

Thank you! Solved Problem!