Hi guys,
Maybe if I mark this as a question someone will actually reply
I raised a support ticket asking if this is normal and they came back saying this is perfectly normal and everyone receives it, it seems strange as it floods all my logs with it.
On the 'Events' page in the Virtual Infrastructre client I get this repeating all the time every second, sometimes breaks for 10 seconds then resumes:
User root@127.0.0.1 logged in
User root logged out
User root@127.0.0.1 logged in
User root logged out
User root@127.0.0.1 logged in
User root logged out
User root@127.0.0.1 logged in
User root logged out
User root@127.0.0.1 logged in
User root logged out
We have SSH login as Root as default (disabled)
All our 5 Hosts are ESX 3.0.1
VC is 2.0.1 build 32042
VC Logging level is set to 'Info (Normal logging)
We have nothing installed on the consoles apart from the latest version of HP System Management Homepage for VMware 3
Does everyone else see this all the time like VMware support told me? its not that I dont beleive them it's just that it dosent seem right flooding the logs like it does.
Hi,
I think this is a service itself that is logging in as a root. Here you can see the description of how VirtualCenter works with the host: http://www.vmware.com/community/message.jspa?messageID=302352
Cheers,
Jeff
Come on guys this is a really simple question for anywone on a working VI3 infrastructure, do you have this repeating in your Events log?
User root@127.0.0.1 logged in
User root logged out
User root@127.0.0.1 logged in
User root logged out
User root@127.0.0.1 logged in
User root logged out
Yup, I have some of these entries in my VI3 Events tab. They seem to correspond with some changes I made to virtual machine settings.
Obviously these are configuration updates performed by the 'root' account for the hostd + vpxd services. Do you have a lot of changes happening to your VM configs on a regular basis?
Paul
Hi,
Try the following, establish an ssh session to one of the Hosts experiencing the issue.
tail -20 /var/log/vmware/hostd.log
Is the host part of a VI Cluster with HA enabled ?
You may see events pertaining to 'ha-eventmgr'
\[2007-03-19 23:17:43.080 'ha-eventmgr' 32766896 info] Event 2015 : User root@127.0.0.1 logged in
\[2007-03-19 23:17:43.080 'TaskManager' 32766896 info] Task Completed : haTask--vim.SessionManager.login-32946
\[2007-03-19 23:17:43.461 'ha-eventmgr' 14060464 info] Event 2016 : User root logged out
So I assume it is some HA process ?
Michael.
Note, I see these messages when HA is not enabled, very strange.
Message was edited by:
MichaelJKnight
The logging does not say what host it is coming from, maybe from all of them for all knows.
All hosts are in a single cluster, HA and DRS features have not been ticked as our enterprise licenses havent come through yet.
"Note, I see these messages when HA is not enabled, very strange." Could these messages only come up when HA is not used then and most peopel dont see them as they have HA enabled?
Hi,
Quick update, I see them when HA is enabled and disabled.
Where are you seeing the messages ?
Try clicking on one of your hosts in VC and nagivate to Tasks and Events tab and select events. Are they appearing here ?
Michael.
Aha your onto something its only on one of my hosts VSHA6.
How can I narrow down to what is creating this event?
Im sure theres nothing installed but just HP systems management homepage for ESX 3.0.1, here's a installed RPM package list for anything out of the ordinary:
e2fsprogs-1.32-15.1
elfutils-libelf-0.94.1-2
ethtool-1.8-3.3
file-3.39-9.EL3.3
glib-1.2.10-11.1
gmp-4.1.2-5
iputils-20020927-11.30.4vmw
laus-libs-0.1-70RHEL3
attr-2.2.0-1
acl-2.2.3-1
libstdc++-3.2.3-53
losetup-2.11y-31.12vmw
mailx-8.1.1-31.EL3
mktemp-1.5-18.2
bzip2-1.0.2-11.EL3.4
crontabs-1.10-5
hotplug-2002_04_01-20.5
mount-2.11y-31.12vmw
net-snmp-libs-5.0.9-2.30E.19
openssl-0.9.7a-33.17
pam_smb-1.1.7-1
pcre-3.9-10.2
perl-DateManip-5.42a-0.rhel3
perl-HTML-Tagset-3.03-28
perl-Parse-Yapp-1.05-30
perl-libwww-perl-5.65-6
perl-XML-Parser-2.31-15
perl-XML-Encoding-1.01-23
popt-1.8.2-24_nonptl
procmail-lockfile-3.22-10vmw
shadow-utils-4.0.3-22.03
newt-0.51.5-1
tcp_wrappers-7.6-34.1
unzip-5.50-34
vmware-hwdata-1.00-6vmw
vmware-release-3-3vmw
words-2-21
zip-2.3-16.1
libxml-1.8.17-9.2
net-snmp-5.0.9-2.30E.19
info-4.5-3
cpio-2.5-4.RHEL3
diffutils-2.8.1-8
gawk-3.1.1-9
ash-0.3.8-16
gzip-1.3.3-12.rhel3
make-3.79.1-17.1
ncurses-5.3-9.4
gpm-1.19.3-27.2
man-1.5k-11.rhel3
nscd-2.3.2-95.37
bind-libs-9.2.4-7_EL3
procps-2.0.17-13.7
readline-4.3-5.2
parted-1.6.3-48vmw
libxml2-python-2.5.10-7
rpm-4.2.3-26vmw
sed-4.0.7-3
kbd-1.08-10.2
pam-0.75-66
libuser-0.51.7-1.EL3.3
passwd-0.68-3.1
samba-client-3.0.9-1.3E.10vmw
sudo-1.6.7p5-1.2
SysVinit-2.85-4.4
mkinitrd-3.5.13-16
time-1.7-23
util-linux-2.11y-31.14vmw
vmware-python-libs-0.99-2
initscripts-7.31.30.EL-13vmw
cyrus-sasl-md5-2.1.15-10
glibc-kernheaders-2.4-8.34.2
glibc-headers-2.3.2-95.37
kernel-source-2.4.21-37.0.2.EL.32039
kernel-vmnix-2.4.21-37.0.2.EL.32039
nss_ldap-207-17
openssh-3.6.1p2-33.30.9vmw
portmap-4.0-56
tcpdump-3.7.2-7.E3.5
VMware-esx-apps-3.0.1-32039
VMware-esx-iscsi-3.0.1-32039
VMware-esx-uwlibs-3.0.1-32039
VMware-esx-vmkernel-3.0.1-32039
VMware-esx-drivers-block-DAC960-2.4.11-32039
VMware-esx-drivers-net-bcm5700-7.3.5-32039
VMware-esx-drivers-net-e100-2.3.40-32039
VMware-esx-drivers-net-pcnet32-1.30c-32039
VMware-esx-drivers-net-tg3-3.43b.1vmw-32039
VMware-esx-drivers-scsi-adp94xx-0.0.5-32039
VMware-esx-drivers-scsi-aic7xxx-6.3.9-32039
VMware-esx-drivers-scsi-lpfcdd-v732-7.3.2.1vmw-32039
VMware-esx-drivers-scsi-megaraid_sas-0.0.2-32039
VMware-esx-drivers-scsi-qla2200-v7.07-7.7.4.1vmw-32039
VMware-esx-drivers-scsi-qla4010-3.24-32039
VMware-esx-drivers-scsi-vmkiscsi-3.4.2-32039
xinetd-2.3.12-6.3E.2
yp-tools-2.8-6
rpm-libs-4.2.3-26vmw
VMware-hostd-esx-3.0.1-32039
yum-2.0.7-3vmw
VMware-esx-lnxcfg-3.0.1-32039
pegasus-2.5-8vmw
VMware-esx-perftools-3.0.1-32039
LGTOaamvm-5.1.2-1
ucd-snmp-cmaX-devel-4.2.5-266
hpsmh-2.1.2-127
hprsm-7.4.0-50.vmware
esxpress-2.3-1.esx
VMware-vpxupdate-esx-2.5.2-24525
glibc-common-2.3.2-95.37
man-pages-1.60-4.2
setup-2.5.27-1
basesystem-8.0-2
tzdata-2005m-1.EL3
beecrypt-3.0.1-0.20030630.1
bzip2-libs-1.0.2-11.EL3.4
compat-db-4.0.14-5.1
cracklib-2.7-22
dosfstools-2.8-10
eject-2.0.13-2
elfutils-0.94.1-2
expat-1.95.5-6
gdbm-1.8.0-20
glib2-2.2.3-2.0
hdparm-5.4-1
krbafs-1.1.1-11
libattr-2.2.0-1
libacl-2.2.3-1
libcap-1.10-15.1
libtermcap-2.0.8-35
lsof-4.63-4.1
mingetty-1.06-2vmw
bash-2.05b-41.4
compat-libstdc++-7.3-2.96.128
groff-1.18.1-27
iproute-2.4.7-11.30E.1
nc-1.10-18
net-tools-1.60-20E.9
pam_passwdqc-1.0.2-1
patch-2.5.4-16
perl-5.8.0-90.4
perl-Filter-1.29-3
perl-HTML-Parser-3.26-17
perl-URI-1.21-7
perl-XML-Grove-0.46alpha-25
perl-libxml-perl-0.07-28
perl-libxml-enno-1.02-29
logrotate-3.6.9-1
setserial-2.17-12
slang-1.4.5-18
tcl-8.3.5-92.4
traceroute-1.4a12-20
vim-minimal-6.3.046-0.30E.4
usbutils-0.11-2
which-2.14-7
cracklib-dicts-2.7-22
zlib-1.1.4-8.1
libxml2-2.5.10-7
rpm-build-4.2.3-26vmw
binutils-2.14.90.0.4-39
cpp-3.2.3-53
findutils-4.1.7-9
grep-2.5.1-24.5
grub-0.93-4.8
krb5-libs-1.2.7-47
modutils-2.4.25-14.EL
gdb-6.3.0.0-1.62
less-378-12
nano-1.2.1-4
openssh-clients-3.6.1p2-33.30.9vmw
pam_krb5-1.77-1
psmisc-21.3-2
ftp-0.17-17
python-2.2.3-6.2
python-optik-1.4.1-2
rpm-python-4.2.3-26vmw
dev-3.3.12.3-1
ntp-4.1.2-4.EL3.1
kudzu-1.1.22.14-4.1.4
openssh-server-3.6.1p2-33.30.9vmw
ppp-2.4.1-14.1
samba-common-3.0.9-1.3E.10vmw
sysklogd-1.4.1-26_EL3
tar-1.13.25-14.RHEL3
telnet-0.17-26.EL3.3
tmpwatch-2.8.4-5
vim-common-6.3.046-0.30E.4
VMware-webCenter-esx-2.0.1-32041
cyrus-sasl-2.1.15-10
dhclient-3.0.1-10_EL3
glibc-devel-2.3.2-95.37
gcc-3.2.3-53
kernel-utils-2.4-8.37.12
openldap-2.0.27-20
openldap-clients-2.0.27-20
pciutils-2.1.10-7
nfs-utils-1.0.6-42EL
vixie-cron-4.1-11.EL3
VMware-esx-docs-3.0.1-32039
VMware-esx-tools-3.0.1-32039
VMware-esx-vmkctl-3.0.1-32039
VMware-esx-drivers-block-cciss-2.4.54-32039
VMware-esx-drivers-net-3c90x-1.0.2-32039
VMware-esx-drivers-net-bnx2-1.3.22-32039
VMware-esx-drivers-net-e1000-7.0.33.2vmw-32039
VMware-esx-drivers-net-s2io-1.7.6-32039
VMware-esx-drivers-scsi-aacraid_esx30-1.1.5.1vmw-32039
VMware-esx-drivers-scsi-aic79xx-6.3.9-32039
VMware-esx-drivers-scsi-ips-7.10.17.1vmw-32039
VMware-esx-drivers-scsi-megaraid2-2.10.7-32039
VMware-esx-drivers-scsi-mptscsi_2xx-2.6.34.1vmw-32039
VMware-esx-drivers-scsi-qla2300-v7.07-7.7.4.1vmw-32039
VMware-esx-drivers-scsi-qla4022-3.24-32039
VMware-esx-vmx-3.0.1-32039
ypbind-1.12-5.21.6
iptables-1.2.8-12.3
VMware-esx-srvrmgmt-3.0.1-32039
VMware-esx-backuptools-3.0.1-32039
VMware-esx-scripts-3.0.1-32039
VMware-esx-3.0.1-32039
VMware-cim-esx-3.0.1-32039
LGTOaama-5.1.2-1
VMware-vpxa-2.0.1-32042
Hi,
Been seeing this in my logs on 1 host of a 3 host cluster. Every 30 minutes or so get this message, then 15 minutes later root logs out.
May not be related but CPU usage was also through the roof on the COS with vmware-hostd taking all it could get. Host is an 8-way with about 10 VMs running on it so performance wasn't a major issue but was worrying me so instead of troubleshooting it any further I deided to shoot first and ask questions later and pulled the trigger on the mgmt-vmware services. After a restart (service mgmt-vmware restart) it looks to be back to normal in terms of CPU usage. Am keeping an eye on the logs and will get back if I find anything interesting.
Cheers
DB
I dont know why VMware support said this is normal as eventually after hearing no answers I v'motioned everything off the host, removed it from the virtual infrastructure, rebooted it and added it back into the virtual infrastructure.
All these repeating root login's have now disappeared!
Hi,
are you still having this issues?
regards
gernot