VMware Cloud Community
VCPGuru
Contributor

ESX logs

Hi all,

I read the VMware Security Hardening documentation and they say that you should regularly control all your ESX logs. I now want to set things up so that all the ESX logs go to a central syslog server.

Which logs are important (only "error" and "warnings" logs)? Which logs are you controlling regularly? Are there some best practices?

Best Regards Simon Ciglia

Accepted Solutions
Texiwill
Leadership

Hello,

I would add all logs to this list actually, specifically ones that talk through syslog, which is the one that you can redirect. Also, set up SUDO to use syslog and you will have a better set of items.

All the log files mentioned actually use syslog so you are safe there.


Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
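
A check for the two settings recommended in this thread (forwarding syslog to a central server and having sudo log through syslog), as an added example that is not part of the original posts. It assumes a sysklogd-style `syslog.conf` and a standard `sudoers` file; `loghost.example.com`, the sample file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the two settings discussed:
# a syslog rule that forwards to a remote host, and sudo logging via syslog.

# List "selector<TAB>@host" for every rule whose action is a remote host.
remote_rules() {
    awk '!/^[ \t]*#/ && NF >= 2 && $NF ~ /^@/ { print $1 "\t" $NF }' "$1"
}

# Succeed only if a catch-all selector (*.*) is forwarded, so nothing is missed.
forwards_everything() {
    remote_rules "$1" | awk -F'\t' '$1 == "*.*" { ok = 1 } END { exit !ok }'
}

# Succeed if the last relevant Defaults line enables syslog (not "!syslog").
sudo_logs_to_syslog() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*Defaults/ {
            line = " " $0 " "
            if (line ~ /[ \t,]!syslog[ \t,]/) on = 0
            else if (line ~ /[ \t,]syslog[ \t,=]/) on = 1
        }
        END { exit !on }' "$1"
}

# Report both checks; return non-zero if either fails.
audit() {
    rc=0
    if forwards_everything "$1"; then echo "OK   all messages forwarded"
    else echo "FAIL no *.* rule with a remote (@host) action in $1"; rc=1; fi
    if sudo_logs_to_syslog "$2"; then echo "OK   sudo logs through syslog"
    else echo "FAIL no explicit 'Defaults syslog=...' in $2"; rc=1; fi
    return $rc
}

# Constructed sample files (loghost.example.com is a placeholder).
write_samples() {
    cat > "$1/syslog.conf" <<'EOF'
# local copy plus central forwarding
authpriv.*   /var/log/secure
*.*          @loghost.example.com
EOF
    cat > "$1/sudoers" <<'EOF'
Defaults syslog=authpriv
root ALL=(ALL) ALL
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp" && audit "$tmp/syslog.conf" "$tmp/sudoers"
rm -rf "$tmp"
```

To check a real host, call `audit` with the paths of its own syslog configuration and sudoers file instead of the sample files.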

kooltechies
Expert

Hi,

Ideally errors and warnings should be part of monitoring, but if you are looking for specific files I would say these are some important ones.

/var/log/vmkernel

/var/log/vmkwarning

/var/log/vmware/hostd.log

/var/log/vmware/esxupdate.log

/var/log/messages

/var/log/vmware/vpx/vpxa.log

Thanks,

Samir

P.S : If you think that the answer is helpful please consider rewarding points.

Blog : http://thinkingloudoncloud.com || Twitter : @kooltechies || P.S : If you think that the answer is correct/helpful please consider rewarding points.
gary1012
Expert

I'd add /var/log/secure to that list.

Community Supported, Community Rewarded - Please consider marking questions answered and awarding points to the correct post. It helps us all.