Redirecting vCO logs to Syslog (…and other…)

Don’t use this in current vRO versions! Any changes made to the log4j.xml file will be overwritten by Control Center. Use the logging settings in Control Center instead!

The vCO Log Mechanism

VMware vCenter Orchestrator uses log4j (Version 1.2) for technical logging. Log entries from following sources are routed through this library:

  • vCO Server log messages
  • Workflow errors
  • Workflow log messages created via System.log|debug|error|warn(“logtext”) in a scriptable task
  • Action log messages created via System.log|debug|error|warn(“another logtest”)
  • Plugin log messages

In the default settings the log messages are written to the logfiles server.log and scripts-log.log in the folder %INSTALLDIR%\app-server\server\vmo\logs.

However, you can configure the settings and the targets of the in the configuration file log4j.xml in %INSTALLDIR%\app-server\server\vmo\conf.


This configuration-file is watched automatically by the vCO server, you there is no need to restart the service after you changed the log4j.xml file, just wait a couple of seconds until you see this message in the server.log:

...[Log4jService$URLWatchTimerTask] Configuring from URL: resource:log4j.xml

(and yes, if you misconfigured it, this might be the last message you see 😈 )

Redirecting to Syslog

Because log4j supports a lot of different targets out of the box, you can easily re-route the log messages to an external syslog server:

1. Configure a new Log Appender in the log4j.xml, and configure the target SyslogHost, the syslog facility and the message layout:

<appender name="SYSLOG">
   <param name="SyslogHost" value=""/>
   <param name="Facility" value="USER"/>
   <param name="FacilityPrinting" value="true"/>
      <param name="ConversionPattern" value="%t %5r %-5p %-21d{yyyyMMdd HH:mm:ss,SSS} %c{2} [%x] %m %n"/>

2. Route the log messages to this new appender, e.g. for all messages add the new appender-ref in the <root>-section at the end of the file:

<!-- ======================= -->
<!-- Setup the Root category -->
<!-- ======================= -->

   <priority value="INFO"/>

   <appender-ref ref="CONSOLE"/>
   <appender-ref ref="FILE"/>
   <appender-ref ref="SYSLOG" />

3. (Don’t forget to adjust the firewall settings of your vCO-Server and/or your Syslog Host if necessary, the built-in syslog appender uses UDP/514.)

4. See the log messages arriving on your Syslog Host….

For further details about the configuration, see the References section below…

Sending SNMP-Traps

Besides syslog it’s also possible to send log messages as SNMP-Traps to a monitoring system. For that, vCO already includes an additional log4j-library (NOT related to the SNMP-Plugin for vCO), and you can use it out of the box with following appender-config:

<appender name="TRAP_LOG">
<param name="ImplementationClassName" value="org.apache.log4j.ext.JoeSNMPTrapSender" />
<param name="ManagementHost" value="" />
<param name="ManagementHostTrapListenPort" value="162" />
<param name="EnterpriseOID" value="" />
<param name="LocalIPAddress" value="vco01-219.vcolab.local" />
<param name="LocalTrapSendPort" value="161" />
<param name="GenericTrapType" value="6" />
<param name="SpecificTrapType" value="12345678" />
<param name="CommunityString" value="public" />
<param name="ForwardStackTraceWithTrap" value="true" />
<param name="Threshold" value="DEBUG" />
<param name="ApplicationTrapOID" value="" />
<param name="ConversionPattern" value="%d,%p,[%t],[%c],%m%n" />

And of course you have to add this appender to the <root>-section:

<appender-ref ref="TRAP_LOG" />

Again, don’t forget to open the Firewall (usually UDP/162).

If you only want to send SNMP-Traps in rare specific cases (and not for all the log messages), consider rather to use the SNMP-Plugin for vCO, it contains a pre-build workflow to send SNMP-Traps…


Besides these small examples of additional appenders log4j offers a lot more configuration parameters. For further reading, start here:

Happy logging! 😀