Collecting logs via VMware vSphere integration

Disclaimer: I don't know much about VMware, so I'd be glad if you enlighten me when necessary.


I am trying to understand how to use this agent integration to collect logs and metrics from a vSphere setup. Metrics collection already works :white_check_mark:. I just configured the endpoint in the agent policy and the dashboards packaged with the integration started showing data.

However, I can't get log collection to work, especially because I was confused by the integration's documentation explicitly stating "This integration periodically fetches logs and metrics from vCenter servers". There are two options:

  • that's not entirely true
  • I don't understand it

The agent policy requires configuration of a udp/tcp listen port which already indicates that it's more a receiving than fetching. I could imagine an API call triggers vmware to send logs to this endpoint but the API endpoint configuration is explicitly for metrics, not for logging, so I assume this is not the case.

After reading up on the topic I realized it's probably about configuring your VMware setup to do remote syslog logging and configure the agent listening address + port there. My problem with this approach would be that the transport layer is not encrypted (+ no authentication). Is this really how it's supposed to be used? Or is the idea that the agent should be installed on each ESXi host (does it even run there?) and receive logs locally?

I tried to find some article about this use case on the internet, but nobody seems to be using this or at least no one is writing about it and the integration documentation is not clear enough.