I did some digging and my findings are as follows.
Hope this is of some help!!
Hope this is of some help!!
ESX 4.x (classic version):
(All log files other than hostd and vpxa log file)
The default configuration for the various log files is controlled by "/etc/logrotate.conf" file.
Log file rotation is daily, weekly, monthly or yearly.
Log file retention is controlled by a numerical value - 'rotate 4' , etc.
So if we need to have 4 weeks of log files, the settings would be 'weekly' and 'rotate 4'.
In addition to this file, we have specific config files located in "/etc/logrotate.d" folder. Some of them are as follows.
syslog
vmkernel
vmkiscsid
vmkproxy
vmksummary
vmkwarning
We can control the logging for these log files individually. For example if we need vmkernel log files to be rotated on a daily basis and retention to be for 30
days, the settings in the corresponding file would be as follows.
--daily
--rotate 30
In addition to this we can also control the size of the file, by specifying the max size.
--size 200k
For log files not located in this folder, "/etc/logrotate.d", they are controlled by the settings in "/etc/logrotate.conf"
hostd log file - ESX & ESXi - all versions (4.x & 5.x)
Necessary changes have to be made in the below file.
/etc/vmware/hostd/config.xml
<directory>/var/log/vmware/</directory>
<level>verbose</level> -------trivia / info / verbose / .....
<maxFileSize>5242880</maxFileSize>
<maxFileNum>50</maxFileNum>
vpxa log file - ESX & ESXi - all versions (4.x & 5.x)
Necessary changes have to be made in the below file.
/etc/opt/vmware/vpxa/vpxa.cfg
<maxFileNum>50</maxFileNum> -- Maximum number of log files
<maxFileSize>5242880</maxFileSize> -- Maximum size of each log file, in bytes.
<level>verbose</level> -- Log Level (The default level is "verbose". To increase it, change it to "trivia".)
ESXi 4.x - messages log file
By default, only 24 hours of logs are retained. Logs are lost on reboot. (as per vSphere hardening guide).
To change the defaults, log into the busybox console and configure the syslogd.
#busybox syslogd --help
ESXi 5.x
Note:
The logging in ESXi 5.x is redirected to syslog by default, which is not the case in older versions where you need to configure syslog only if you are redirecting the logs to a syslog server. In ESXi 5.x, the syslog service is responsible for sending the log files to the scratch partition.
If you dont want to use syslog, and want to log files directly to disk, then you need to make a change in "/etc/vmware/hostd/config.xml".
Change the below value to true.
<!-- If true, log to files on disk -->
<outputToFiles>false</outputToFiles>
VMware vSphere ESXi 5.0 hosts run a syslog service (vmsyslogd) that provides a standard mechanism for logging messages from the VMkernel and other system components.
Local and Remote syslog functionality can be configured for a host using the esxcli command line utility.
esxcli system syslog config set --help
--default-rotate=<long>
Default number of rotated logs to keep
--default-size=<long> Default size of logs before rotation, in KiB
--logdir=<str> The directory to output logs to
--logdir-unique Place logs in a unique subdirectory of logdir, based on hostname
--loghost=<str> The remote host to output logs to
--reset=<str> Reset values to default
esxcli system syslog config logger list
-- Show the currently configured sub-loggers - different log files
Notes:
Logs sent to Syslog server - KB 2003322 - Retention, rotation and splitting of logs received and managed by a syslog server are fully controlled by that syslog server. ESXi 5.0 cannot configure or control log management on a remote syslog server.
Regardless of the additional syslog configuration specified using these options, logs continue to be placed on the default locations on the ESXi host.
