Symptoms
The syslog daemon rsyslogd is not writing to the logs it manages, such as
/var/log/vmware/messages, /var/log/vmware/vmdird/vmdird-syslog.log, etc.
Cause
This issue is caused by unforeseen changes in the open-source rsyslog library employed by the vCenter appliance in 7.0+.
Impact / Risks
Remote logging will not be collected for vmdird service(s).
Resolution
This issue is resolved in vCenter Server 7.0 U3o, version 7.0.3.01700, build 22357613.
Workaround
Scripted Workaround
Copy the syslogConfigFix.sh script attached to this article to the problem vCenter appliance.
Make the script executable by running:
chmod +x syslogConfigFix.sh
Execute the script by running:
# ./syslogConfigFix.sh
For example:
root@vcsa_name [ ~ ]# chmod +x syslogConfigFix.sh
root@vcsa_name [ ~ ]# ./syslogConfigFix.sh
Manual Workaround
Take a backup of /etc/rsyslog.conf
cp /etc/rsyslog.conf /etc/rsyslog.conf.bak
In /etc/rsyslog.conf, check for the line
*.* ?esxLoc;esxFmt
and replace it with
if ($hostname != $$myhostname ) then ?esxLoc;esxFmt
Save the file.
Take a backup of /etc/vmware-syslog/syslog.conf
cp /etc/vmware-syslog/syslog.conf /etc/vmware-syslog/syslog.conf.bak
In /etc/vmware-syslog/syslog.conf, check for & stop at the bottom and remove it.
Restart the rsyslog service:
# systemctl restart rsyslog
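
The manual workaround above as a re-runnable shell script. This is an added example, not the syslogConfigFix.sh attached to this article; the function names are this example's own, and it assumes "& stop" is the last non-blank line of the file.

```shell
#!/bin/sh
# Added example (not the attached syslogConfigFix.sh): applies the two manual
# edits to the files passed as arguments. Function names are this example's own.

OLD_RE='^\*\.\*[[:space:]]\{1,\}?esxLoc;esxFmt[[:space:]]*$'
NEW_LINE='if ($hostname != $$myhostname ) then ?esxLoc;esxFmt'
STOP_RE='^[[:space:]]*&[[:space:]]*stop[[:space:]]*$'

# Keep the first backup; a re-run must not overwrite it with an edited file.
backup_once() {
    [ -e "$1.bak" ] || cp -p "$1" "$1.bak"
}

# $1 = rsyslog.conf. Returns 0 if the line was replaced, 1 if it was not found.
fix_rsyslog_conf() {
    grep -q "$OLD_RE" "$1" || return 1
    backup_once "$1" || return 2
    tmp=$(mktemp) || return 2
    # Write back with cat so the file keeps its owner and mode.
    sed "s|$OLD_RE|$NEW_LINE|" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# $1 = vmware-syslog/syslog.conf. Removes "& stop" only when it is the last
# non-blank line (assumption: that is what "at the bottom" means).
fix_vmware_syslog_conf() {
    last=$(awk 'NF { n = NR } END { print n + 0 }' "$1")
    [ "$last" -gt 0 ] || return 1
    sed -n "${last}p" "$1" | grep -q "$STOP_RE" || return 1
    backup_once "$1" || return 2
    tmp=$(mktemp) || return 2
    sed "${last}d" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Usage: sh fix.sh /etc/rsyslog.conf /etc/vmware-syslog/syslog.conf
# Restart rsyslog afterwards, as in the last step above.
if [ "$#" -eq 2 ]; then
    fix_rsyslog_conf "$1" && echo "updated $1" || echo "not changed: $1"
    fix_vmware_syslog_conf "$2" && echo "updated $2" || echo "not changed: $2"
fi
```

A second run leaves both files and both .bak copies untouched, so the script can also be used to check whether the workaround is already in place.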