VMware: Troubleshooting - How to list the log files on VMware vSphere ESX

-
The following log files contain information that needs to be track on a VMware vSphere ESX Host to be in compliance with many security standards and best practices
We can also use syslog or splunk lightweight forwarders for this purpose.

/var/log/vmkernel
/var/log/secure
/var/log/vmkwarning
/var/log/vmksummary
/var/log/vmksummary.txt
/var/log/messages
/var/log/vmware/*.log
/var/log/vmware/aam/*.log
/var/log/vmware/aam/*.err
/var/log/vmware/webAccess/*.log
/var/log/vmware/vpx/vpxa.log
/vmfs/volumes/*/*/*.log

Table with Explanation of files to log for VMware vSphere ESX

Component
Location
Purpose
 VMkernel
 /var/log/vmkernel
 Records activities related to the virtual machines and ESX
VMkernel warnings
/var/log/vmkwarning
Records activities with the virtual machines
VMkernel summary
/var/log/vmksummary
Used to determine uptime and availability statistics for ESX; comma separated
VMkernel summary human readable
/var/log/vmksummary.txt
Used to determine uptime and availability statistics for ESX; humanreadable summary
ESX host agent log
/var/log/vmware/hostd.log
Contains information on the agent that manages and configures the ESX host and its virtual machines
vCenter agent
/var/log/vmware/vpx/vpxa.log
Contains information on the agent that communicates with vCenter
Web access
Log all the files in the directory /var/log/vmware/webAccess/*.log
client.log, proxy.log, unitTest.log, viewhelper.log, objectMonitor.log, timer.log, updateThread.log
Records information on Web-based access to ESX
(service vmware-webAccess start on ESX host to enable this)
Authentication log
/var/log/secure
Contains records of connections that require authentication, such as VMware daemons and actions initiated by the xinetd.
Service Console
/var/log/messages
Contain all general log messages used to troubleshoot virtual machines or ESX
Virtual machines
The same directory as the affected virtual machine’s configuration files; named vmware.log and vmware*.log
/vmfs/volumes/<DS>/<VM>/vmware.log
/vmfs/volumes/<DS>/<VM>/vmware-*.log
Contain Virtual Machine Power Events, system crashes, Tools status and activity, Time Sync, Virtual Hardware changes, VMotion Migrations, Machine Clones,

Comments

Post a Comment

Popular posts from this blog

Part - 1 : Windows Administrator: L1: Interview question & Answer for AD, DNS, DHCP, WINS & DFS

-
Image
Part - 1 : Interview question & Answer for AD, DNS, DHCP, WINS & DFS Active Directory Active Directory is a centralized and standardized system, stores information about objects in a network and makes this information available to users and network administrators. Domain Controller In an Active Directory forest, the domain controller is a server that contains a writable copy of the Active Directory database, participates in Active Directory replication, and controls access to network resources.
Read more

Windows: Interview Q & A: L1 & L2 Interview question

-
Image
Active Directory Active Directory is a centralized and standardized system, stores information about objects in a network and makes this information available to users and network administrators. Domain Controller In an Active Directory forest, the domain controller is a server that contains a writable copy of the Active Directory database, participates in Active Directory replication, and controls access to network resources. Global catalog server A global catalog server is a domain controller that stores information about all objects in the forest. Like all domain controllers, a global catalog server stores full, writable replicas of the schema and configuration directory partitions and a full, writable replica of the domain directory partition for the domain that it is hosting. In addition, a global catalog server stores a partial, read-only replica of every other domain in th e forest. Partial replicas are stored on Global Catalog servers so that searches of the e...
Read more

Microsoft: How to Troubleshooting Windows Server 2008 R2 & 2012 Failover Clusters.

-
Image
How to Troubleshooting Windows Server 2008 R2 & 2012 Failover Clusters. I was configuring windows 2012 cluster on xen cloud platform and found this troubleshoot guide from microsoft blog, really usefull and easy to find an error. How to get to the root of the problem In "Troubleshooting Windows Server 2008 R2 Failover Clusters," the locations and tips for where you can go to get the data you need to troubleshoot a problem. Now I'll discuss some of the improvements made to the troubleshooting tools for  Windows Server 2012  failover clusters and show you how to take advantage of those tools. Introducing the New Event Channels There are some new event channels for failover clustering to help with troubleshooting. Figure 1 shows all the available channels. Figure 1: Event Channels for Failover Clustering in Server 2012 Note that the events are specific to the node you're on. Knowing the purpose of each event channel can help you find the e...
Read more