I was trying to find a way to create a syslog server where I could centralize all my ESX hosts' logs. I was between options (like Kiwi, phpsyslog-ng, etc.) when I decided to do it with Adiscon LogAnalyzer, which is a free and opensource solution. I'll post a guide for its installation in another post (because I actually installed it successfully all the way).
When I was about to add the ESX hosts to my sources list in the syslog server, I found out that vSphere 5 contains a new feature called VMware Syslog Collector, and since we'll be migrating to that version in a few weeks, makes no sense to move on with my LogAnalyzer.
If you don't know what Syslog Collector is, let me give you a brief intro:
VMware Syslog Collector is a tool that provides a centralized repository for logs from multiple ESX/ESXi hosts. Having installed Syslog Collector, you can redirect every log entry from your ESX/ESXi hosts to this repo in the network, instead of hosting them locally, easying up our troubleshooting jobs. This is extremely important considering that in ESXi logs are hosted locally by a very limited amount of time.
Syslog Collector can be installed in the same server with vCenter Server, or in a separate one that can connect to vCenter Server, like our current Update Manager server.
If you already have vSphere 5 and want to install it, you can follow the post in VMware Blog explaining it:
Let me know what you think and if you installed it, share your experience.