Good Afternoon All,
We have been unable to track down any log schemas or white papers on log events for ESX 3.5. Has anyone else managed to acquired such information?
Parsing the log information we find that we are limited to the events that we have so far produced in our log files. Thus any new events that come up will not be parsed and thus could be over looked. We are looking for a definitive list of events that could be produced in each log file for ESX 3.5.
We seem to be unable to track down schema information for the logs as well.
For instance in hostd.log there is a numeric number in the record identification area:
Event 364 : User root@127.0.0.1 logged in
Task Created : haTask-896-vim.VirtualMachine.powerOn-3307
Does anyone know what the numbers 66567664 and 79985584 represent, are they thread id's?
Any information that some one has on ESX log forensics would be appreciated
Hi
Please cjecl var/log/vmware
Hello,
Moved to the ESX v3.5 forum.
Unfortunately there is no real documentation on the meanings of all the numbers within all the logfiles. I would pay more attention to the ha-Task item than the actual EventID as it repeats what is happening. If you really need those numbers and what they mean I would open a support request with VMware to ask if they can retreive that information.
Best regards, Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
Now Available on Rough-Cuts: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing ESX and the Virtual Environment'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
[url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|Virtualization Security Round Table Podcast[/url]
Maybe you can use those links:
http://blog.scottlowe.org/2007/09/12/vmworld-2007-session-on-advanced-diagnostics-log-analysis/
http://vmetc.com/2008/05/13/troubleshooting-esx-logs/
Andre
**if you found this or any other answer useful please consider allocating points for helpful or correct answers
All,
Yes from what we have found on all the web sites and documentation we have, there does not appear to be any freely available information.
I think we are going to need to become Co-Development partners with VMware to move forward.
Thank you for responding though
there does not appear to be any freely available information.
True, I can only confirm the comment of .
Andre
**if you found this or any other answer useful please consider allocating points for helpful or correct answers
