vRealize Log Insight

Syslog Server storage logs size calculation

Posted on April 21, 2015 Updated on April 15, 2026

Upgrading your syslog retention is a great move for troubleshooting depth, but as your math shows, it comes with a significant increase in storage demands. Moving from 4GB to 40GB is a 10x jump, so ensuring your volume can handle the growth is critical.

Here is the breakdown of the calculation and the step-by-step guide to applying these changes.

📊 Syslog Storage Planning

Before modifying configuration files, verify your available disk space. Using your specific requirements for 100 hosts:

Variable	Current Setting	Desired Setting
Max Log Size	2 MB	10 MB
Rotation Count	20 Files	40 Files
Retention per Host	40 MB	400 MB
Total Storage (100 Hosts)	4,000 MB (4GB)	40,000 MB (40GB)

⚠️ A Note on Scalability

While you are planning for 100 hosts, keep in mind that the VMware Syslog Collector for Windows is officially supported for up to 30 hosts.

The Risk: Beyond 30 hosts, the service may stop responding or drop logs without an error message.
The Fix: If you need to support 100 hosts reliably, consider deploying multiple collectors or moving to a high-scale solution like VMware vRealize Log Insight.

🛠️ How to Modify Syslog Collector Configuration

To apply your new 10MB / 40 Rotate policy, you must manually edit the configuration XML.

1. Locate and Backup

Before editing, create a copy of the configuration file.

vCenter 6.0: %PROGRAMDATA%\VMware\vCenterServer\cfg\vmsyslogcollector\config.xml
vCenter 5.5 & older: %PROGRAMDATA%\VMware\VMware Syslog Collector\vmconfig-syslog.xml

2. Edit the XML

Open the copy in a text editor (like Notepad++) and locate the <defaultValues> section. Update the values as follows:

<defaultValues>
    <port>514</port>
    <protocol>TCP,UDP</protocol>
    <maxSize>10</maxSize>
    <rotate>40</rotate>
    <sslPort>1514</sslPort>
</defaultValues>

3. Swap and Restart

Stop the Service: Open services.msc and stop the VMware Syslog Collector.
Replace File: Delete the original config.xml and rename your modified copy to the original filename.
Start the Service: Restart the VMware Syslog Collector.

Lazy Admin Tip: If the logs don’t start flowing immediately, you may need to restart the syslog service on the ESXi hosts themselves to re-establish the connection to the server.

#VMware #vSphere #Syslog #DataCenter #Storage #SysAdmin #ITPro #Virtualization #LogManagement #LazyAdmin #TechGuide

This entry was posted in VMware, Windows and tagged ESXi, Log Rotation, Storage Planning, Syslog, Troubleshooting, vcenter, VMware, vRealize Log Insight.