Pattern 3 : VMKernel Messages
Vendor Documentation
https://www.vmware.com/in/products/esxi-and-esx.html https://www.vmware.com/topics/glossary/content/bare-metal-hypervisor |
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Pattern 3 : VMKernel Messages | Base Rule | General Information | Information |
| VMKernel : Setting RTC Date'n'Time | Sub Rule | Configuration Modified : System | Configuration |
| VMKernel : Resetting Handle | Sub Rule | Resetting Handle | Information |
| VMKernel : Worldinit Failed | Sub Rule | World Initialization Failed | Warning |
| VMKernel : Usersocketinet | Sub Rule | Socket Initialized | Information |
| VMKernel : Usb Disconnect | Sub Rule | USB Drive Disconnected | Information |
| VMKernel : Start Opp Swapper For Checkpoint File | Sub Rule | Starting Opportunistic Swapper | Information |
| VMKernel : Sched | Sub Rule | General Information | Information |
| VMKernel : Running Wsmand Stop | Sub Rule | Process/Service Stopped | Startup and Shutdown |
| VMKernel : Running Slpd Stop | Sub Rule | Process/Service Stopped | Startup and Shutdown |
| VMKernel : Peer Table Full For Sfcbd | Sub Rule | Peer Table Full | Warning |
| VMKernel : Init Fn Usr Fail With: Out Of Resources | Sub Rule | Initialization Failed - Out Of Resources | Warning |
| VMKernel : Finish Swapping In Checkpoint File | Sub Rule | Finish Swapping In Checkpoint File | Information |
| VMKernel : Deathpending Set; World Not Running | Sub Rule | World Not Running | Information |
| VMKernel : Completing Reset | Sub Rule | System Restarting | Startup and Shutdown |
| VMKernel : Cdrom: Entering Open_For_Data | Sub Rule | General CD-ROM Information | Information |
| VMKernel : Cdrom: Entering Cdrom_Release | Sub Rule | General CD-ROM Information | Information |
| VMKernel : Cdrom: Entering Cdrom_Open | Sub Rule | CD-ROM Drive Opened | Information |
| VMKernel : Cdrom: Entering Cdrom_Count_Tracks | Sub Rule | General CD-ROM Information | Information |
| VMKernel : Cdrom | Sub Rule | General CD-ROM Information | Information |
| VMKernel : Running Sfcbd-Watchdog Stop | Sub Rule | Process/Service Stopped | Startup and Shutdown |
| VMKernel : Socket Not Owned By Cartel | Sub Rule | Cartel Does Not Own Socket | Warning |
| VMKernel : Completing Request | Sub Rule | Request Completing | Information |
| VMKernel : Reset Request | Sub Rule | Process/Service Restarting | Startup and Shutdown |
| VMKernel : Creating Virtual Device | Sub Rule | Configuration Modified : System | Configuration |
| VMKernel : Received Init | Sub Rule | Command Executed | Access Success |
| VMKernel : Current Cartel Does Not Own Socket | Sub Rule | Cartel Does Not Own Socket | Warning |
| VMKernel : Ignored: Reboot_Cmd_Cad_On | Sub Rule | Reboot Command Ignored | Warning |
| VMKernel : Zombified Unscheduled World | Sub Rule | Zombified Unscheduled World | Information |
| VMKernel : Moved Group | Sub Rule | Virtual Machine Group Moved | Information |
| VMKernel : Renamed Group | Sub Rule | Virtual Machine Group Renamed | Information |
| VMKernel : Starting World | Sub Rule | Process/Service Starting | Startup and Shutdown |
| VMKernal : CPU Warning | Sub Rule | General CPU Warning | Warning |
| VMKernal : Memory Warning | Sub Rule | Unable To Reserve Memory | Warning |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| tag1 | <tag1> | Text/String |
| tag2 | <tag2> | Text/String |
| status | <status> | Text/String |