In ESXi's hot web page's event list, nearly every minutes, there are messages saying "User firstname.lastname@example.org logged in as" and immediately "User email@example.com logged out". Even if I reboot the host, the messages continues. What does the message come from? 127.0.0.1 seems it comes from the host itself, why? What it is doing?
ESXi: 6.0.0 Update 3 (Build 5050593)
And, I inspected /var/log/hostd.log, it has more details:
Want to know the reason. And what is sub=Vimsvc.ha-eventmgr? is Vimsvc.ha-eventmgr related to High Availablity?
Thanks a lot!
Thank you very much, diegodco31. Read the thread you metioned found that though iit is very simialr, the issue is different from our issue. In that thread the message is:
"User firstname.lastname@example.org logged in as VMware-client/5.1.0
User email@example.com logged out (login time: 25-08-2016 19:15:01, number of API invocations: 0, user agent: VMware-client/5.1.0) "
and every 5 minutes the message appears. And in our issue the message is:
User firstname.lastname@example.org logged in as
User email@example.com logged out (login time: Tuesday, 05 March, 2019, 17:43:01, number of API invocations: 0, user agent: )
and every minute the message appears, also there is no User agent in log message, which gives more suspious and strange.
In another comment sayingt that in hostd.log ( under /var/log) and search for this string " number of API invocations: 0, user agent: VMware-client/5.1.0" .
That line of log will tell who is invoking this . Most probably this can be "Vimsvc.ha-eventmgr" , which tells that HA agent is trying to get some status and then logging out.
Our issue has this message, but HA is not enabled in our enviroment.
Thank you again diegodco31! We appreciate your help and looking forward to further information.
it's a few month already, but did you ever find a solution or at lest a cause for this issue?
I am seeing very similar events on some of our servers (Lenovo) and here it seems to caused by a Lenovo provided script that's executed every minute via cron.
#min hour day mon dow command
* * * * * /etc/cim/lenovo/refresh.sh # Refresh the firewall settings every one minute
Commenting out the script and restarting crond causes the events to disappear.
However there might be a valid reason for this script to run regularly so I'm not sure if I should really disable it.
Also there is another Lenovo ESXi server with the same cron entry without the firstname.lastname@example.org entries in hostd.log...
For Lenovo servers this forum topic is interesting: ESXi 6.0u3 Custom Image throws information messages every minute on hosts - Lenovo Community
So insted of just disabling the script I updated the servers using the latest Lenovo provided Image for the respective vSphere version and now at least the frequency of the email@example.com logged in / logged out messages did significantly drop