VMware Networking Community
VolksDude
Contributor

NSX 6.4 Linux Guest Introspection not working

Hi everyone,

I have been troubleshooting this for a while and I wonder if people have any ideas. I'm trying to make Guest Introspection work with a RHEL7 VM install. I'm currently running this...

vCenter : 6.5 7515524

ESXi : 6.5 7526125

NSX : 6.4.0.7564187

Guest Introspection VMs on all hosts : 6.4.0.7412345

RHEL7.4 VM

Guest Introspection Service on RHEL7 VM : 6.3.3

When I try to do Endpoint Monitoring, I don't see any data from a RHEL VM. (Data Collection is enabled but there is no data available yet). However, when I try with a Windows VM, I can see everything in under 5 minutes.

I changed the debug level and the location of logs for the vsepd service and I can see in the Linux VM the data in the logs but the hypervisor doesn't seem to take it.

I used the package for RHEL called vmware-nsx-gi-file-6.3.3.5604684-1.rhel.x86_64.rpm. That's the latest I could find from VMware's Website.

I tried with the Open-VM-Tools and the VMware Tools.

Any ideas what to try next?

Thanks

3 Replies
cnrz
Expert

NSX 6.3 did not support Linux Guest Introspection. The NSX 6.4 release notes list Guest Introspection for Linux as supported for the RHEL 7 GA (64 bit) version.

https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/rn/releasenotes_nsx_vsphere_640.html

Guest Introspection for Linux: This NSX version supports the following Linux versions:
  • RHEL 7 GA (64 bit)
  • SLES 12 GA (64 bit)
  • Ubuntu 14.04 LTS (64 bit)

https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/com.vmware.nsx.troubleshooting.doc/GUID-B93F68...

Does the GI File number show for RHEL 7, or 6?

Collect environment details:

  1. ESXi build version - Run the command uname -a on the ESXi host or click on a host in the vSphere Web Client and look for the build number at top of the right-hand pane.
  2. Linux product version and build number

/usr/sbin/vsep -v will give the production version

Build number
------------------
Ubuntu
dpkg -l | grep vmware-nsx-gi-file
SLES12 and RHEL7
rpm -qa | grep vmware-nsx-gi-file
VolksDude
Contributor

So I'm running NSX 6.4 build 7564187

vsep -v

Guest Introspection Service Version:

6.3.3

rpm -qa | grep vmware-nsx-gi-file

vmware-nsx-gi-file-6.3.3.5604684-1.rhel.x86_64

ESXi Version 6.5 Build 7526125

VolksDude
Contributor

Well....Just saw this magic line in the book..

"Guest Introspection supports File Introspection in Linux for anti-virus only."

Damn!!

Thanks
