VMware Cloud Community
blackj
Contributor
Contributor
‎06-09-2009 05:11 AM

ESX 3.5 Log Schemas and Event List

Good Afternoon All,

We have been unable to track down any log schemas or white papers on log events for ESX 3.5. Has anyone else managed to acquired such information?

Parsing the log information we find that we are limited to the events that we have so far produced in our log files. Thus any new events that come up will not be parsed and thus could be over looked. We are looking for a definitive list of events that could be produced in each log file for ESX 3.5.

We seem to be unable to track down schema information for the logs as well.

For instance in hostd.log there is a numeric number in the record identification area:

Event 364 : User root@127.0.0.1 logged in

Task Created : haTask-896-vim.VirtualMachine.powerOn-3307

Does anyone know what the numbers 66567664 and 79985584 represent, are they thread id's?

Any information that some one has on ESX log forensics would be appreciated

Reply
0 Kudos
5 Replies
satishgte
Enthusiast
Enthusiast
‎06-09-2009 10:29 AM

Hi

Please cjecl var/log/vmware

Reply
0 Kudos
Texiwill
Leadership
Leadership
‎06-10-2009 10:05 PM

Hello,

Moved to the ESX v3.5 forum.

Unfortunately there is no real documentation on the meanings of all the numbers within all the logfiles. I would pay more attention to the ha-Task item than the actual EventID as it repeats what is happening. If you really need those numbers and what they mean I would open a support request with VMware to ask if they can retreive that information.


Best regards, Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
Now Available on Rough-Cuts: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing ESX and the Virtual Environment'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
[url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|Virtualization Security Round Table Podcast[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
Reply
0 Kudos
AndreTheGiant
Immortal
Immortal
‎06-12-2009 01:46 AM

Maybe you can use those links:

http://blog.scottlowe.org/2007/09/12/vmworld-2007-session-on-advanced-diagnostics-log-analysis/

http://vmetc.com/2008/05/13/troubleshooting-esx-logs/

Andre

**if you found this or any other answer useful please consider allocating points for helpful or correct answers

Andre | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
Reply
0 Kudos
blackj
Contributor
Contributor
‎06-12-2009 02:06 AM

All,

Yes from what we have found on all the web sites and documentation we have, there does not appear to be any freely available information.

I think we are going to need to become Co-Development partners with VMware to move forward.

Thank you for responding though

Reply
0 Kudos
AndreTheGiant
Immortal
Immortal
‎06-12-2009 02:15 AM

there does not appear to be any freely available information.

True, I can only confirm the comment of .

Andre

**if you found this or any other answer useful please consider allocating points for helpful or correct answers

Andre | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
Reply
0 Kudos