Skip to main content
Skip table of contents

Syslog - VMWare ESX/ESXi Server

Device Details

Device NameVMWare ESX/ESXi Server
Device TypeVirtual Machine Monitor or VMM
Supported Model Name/NumberN/A
Supported Software VersionAll
Collection MethodSyslog
Configurable Log OutputN/A
Log Source TypeSyslog - VMWare ESX/ESXi Server
Log Processing PolicyLogrhythm Default
Additional Information

Supported Log Messages

(List of LR tags used to parse the log information for each message type)

TypeProduct VersionSupported Schema Fields
Accept On Client Connection FailedAll<severity>, <process>, <session>, <object>, <subject>
Actual VM OverheadAll<object>, <size>
Adding Query SpecAll<severity>, <object>, <quantity>
Aggregate Version OverflowAll<process>, <object>, <sname>
API HEALTH Execuation MessagesAll<severity>, <sname>, <protname>, <protnum>, <objectname>, <command>, <process>, <status>, <quantity>
Attempt To Relock Already Locked ObjectAll<severity>, <dname>, <process>, <object>
Authentication ActivityAll<severity>, <object>, <domain>, <login>
Authentication MessagesAll<severity>, <sname>, <process>, <session>, <object>, <vendorinfo>, <account>, <command>, <login>, <protnum>, <dip>
Can't Convert IP AddressAll<process>, <object>
Cannot Convert Disk PathAll<severity>, <process>, <vmid>, <login>, <object>
Catch All : Level 1All<severity>, <tag1>
Catch All : Level 3All<severity>, <dname>, <process>, <processid>
Catch All : Level 3 - Syslog Protocol And SeverityAll<tag1>, <process>, <sip>, <sport>
Catch All : Level 4All<severity>, <dname>, <process>, <processid>, <object>
Catch All : General MessagesAll<severity>, <process>, <session>, <tag1>, <objectname>, <command>, <tag2>
Catch All : State Changes And MKS ConnectionsAll<object>, <tag1>, <login>
Change OccuredAll<severity>, <object>, <process>, <subject>, <tag1>
Child Connection From HostAll<severity>, <process>, <processid>, <sip>, <sport>
CIM : Child Still AliveAll<severity>, <process>, <object>
CIM ErrorAllN/A
CIM Server InformationAll<tag1>, <process>, <tag2>, <object>, <quantity>, <login>
CIM Service MessageAll<login>, <process>, <object>
Clearing Connection List Due To Network ErrorAll<severity>, <process>, <processid>, <session>, <protname>, <object>, <domain>
Client Certificate Can't Be VerifiedAll<severity>, <dname>, <process>, <processid>, <subject>
Client HTTP ResponseAll<process>, <object>
Command ExecutedAll<object>, <tag1>
Command Failed To SendAll<severity>, <process>, <processid>, <object>, <objectname>
Command To Device FailedAll<severity>, <process>, <command> ,<object>
Command To NMP Device Failed On Physical PathAll<severity> ,<process>, <command> ,<session>, <object>, <objectname>
Connection AcceptedAll<severity> ,<process>, <dname> ,<sip>
Connection Reset By PeerAll<severity>, <dname>, <process>, <processid>
Could Not Translate Vpxd CounterAll<severity>, <objectname>, <process>, <object>
Creating New SubrequestAll<severity>, <process>, <processid>, <objectname>, <command>, <domain>, <login>, <object>
Critical Log MessageAll<login>, <process>
Cron Job ExecutionAll<process>, <login>, <object>
Crond : Cron Job ExecutionAll<severity>, <login>, <processid>, <command>
Crond Jobs : Session Open/CloseAll<login>, <process>, <tag1>
Data Socket Receive Buffer SizeAll<severity> ,<process>, <dname>, <object>, <size>
Database MessageAll<severity> ,<process>, <command>, <objectname>, <dname>, <tag1>
Default Resource UsedAll<severity>, <process>, <command>, <object>, <objectname>, <domain>, <process>, <session>, <vmid>
Did Not Find VM On VM ListAll<severity>, <objectname>, <process>, <object>
Did Not Recieve Metrics From HostAll<severity>, <object>, <process>
Disk Library ClosedAll<severity> ,<process>, <session> ,<objectname>, <command>, <object>
Distributed Firewall Packet LogAll<severity>, <process>, <tag2>, <domain>, <tag1>, <protname>, <protnum>, <sip>, <sport>, <dip>, <dport>, <sinterface>, <dinterface>, <sname>, <smac>, <dmac>
DNS Lookup FailedAll<severity>, <process>, <processid>, <command>, <object>, <dname>
DNSResource CachingAll<severity>, <dname>, <process>, <processid>, <objectname>, <object>, <seconds>
Doing Map Lookup For UserAll<severity>, <process>, <processid>, <object>, <command>, <domain>, <login>
Drive ErrorAll<object>, <session>, <seconds>
Drive FailureAll<object>
DVS Manager MessageAll<process>, <object>
DVS Tracker MessageAll<process>, <object>, <quantity>
Error Accepting SSL ConnectionAll<severity>, <process>, <processid>, <vmid>, <protname>
Error Log MessageAll<severity>, <login>, <process>, <processid>, <object>, <tag2>, <tag1>
Error Occurred During LDAP SearchAll<vmid>, <severity>, <process>, <processid>, <session>, <protname>, <quantity>
ESX ESXI Warning MessageAll<severity>, <object>, <objectname>, <process>, <dname>, <login>, <tag4>, <account>, <domain>, <session>, <command>, <url>, <tag1>, <tag2>, <tag3>, <sip>
Failed Authentication ActivityAll<sip>, <dip>, <sport>, <login>, <process>, <tag1>
Failed To CrossdupAll<severity>, <process>, <object>, <objectname>
Failed To Find File Size : No Such File Or DirAll<severity> ,<process>, <session> ,<objectname> ,<command>, <object>
Failed To Read Disk Adapter TypeAll<severity>, <objectname>, <process>
Failed To Read Header On StreamAll<severity>, <process> ,<session>, <objectname>, <protname>, <sip>, <sport>, <dip> ,<dport>, <object>
FDM MessagesAll<severity>, <process>, <object>, <session>, <subject>
Fetch Failed : File Not FoundAll<severity>, <dname>, <process>, <command>, <object>
Found Profiles In NamespaceAll<severity>, <process>, <object>, <quantity>
General Information 2All<login>, <object>, <itemsin>, <amount>, <duration>, <quantity>, <tag2>, <tag1>
General MessagesAll<tag1>, <amount>
General Messages 2All<severity>, <dname>, <domainorigin>, <process>, <processid>, <object>, <tag2>, <group>
HAL MessagesAll<severity>, <object>, <objectname>, <command>, <sname>, <dname>, <quantity>, <subject>
HAL Services InformationAll<severity>, <process>, <object>, <sinterface>, <tag1>, <subject>
Heartbeat StatusAll<severity>, <process>, <object>, <objectname>, <status>, <tag1>
Host Daemon MessagesAll<process>, <object>
HostCtl Exception During Network Stats CollectionAll<severity> ,<process>, <session>, <object>
HostCtl Exception In Stats CollectionAll<severity>, <dname>, <process>, <session>, <command>, <object>, <subject>
Hostd : Accepted PasswordAll<sessiontype>, <login>, <sip>, <sport>
Hostd : AuthenticationAll<login>
HostD : Could Not Get Max File SizeAll<severity>, <dname>, <process>, <processid>, <object>, <subject>, <objectname>, <vmid>, <command>
Hostd : Password RejectedAll<domain>, <login>, <sip>
Hostd Info MessageAll<parentprocessname>, <severity>, <dname>, <subject>, <session>, <process>, <domain>, <vendorinfo>, <login>, <tag2>, <tag1>, <sname>, <sport>
Hostd MessagesAll<severity>, <dname>, <process>, <tag1>, <command>, <object>, <objectname>, <quantity>, <amount>, <subject>
Hostd Parse Value ErrorAll<severity>, <object>
Hostd Probe InformationAll<severity>, <tag1>, <object>, <process>, <milliseconds>, <objectname>, <version>
Hostd System Is StartingAll<severity>, <process>, <vmid>, <account>, <object>, <tag1>, <objectname>, <sname>, <group>
Hostd System StartingAll<severity>, <process>, <vmid>, <account>, <object>, <command>, <objectname>
HTTP Header Command Is Not ExpectedAll<severity>, <dname>, <process>, <processid>, <protname>
HTTP Process CompleteAll<session>, <process>, <bytesin>
HTTP Proxy InformationAll<process>, <severity>, <object>, <tag1>, <dname>, <dport>, <objecttype>, <action>, <processid>, <version>
HTTP Proxy MessagesAll<severity>, <process>, <tag1>, <command>, <dname>, <dport>
HTTP Transaction Failed On Stream TCPAll<severity>, <dname>, <process>, <session>, <object>, <subject>, <objectname>
Informational MessageAll<login>, <process>, <object>, <tag2>, <tag3>
Instrumentation ServiceAll<severity>, <vmid>, <process>, <object>
Interactive Authentication 2All<dname>, <process>, <processid>, <tag3>, <object>, <login>, <sip>, <sport>
Internal TaskAll<severity>, <objectname>, <object>, <tag1>, <process>, <session>
Invalid Message Type For New ConnectionAll<severity>, <process>, <session>, <object>, <objectname>, <command>
Invoke SOAPAll<severity>, <object>, <process>, <command>, <sname>, <objectname>
Kernel Log MessagesAll<severity>, <sname>, <process>, <tag1>, <object>, <sinterface>, <subject>, <objectname>, <login>
Kernel MPNs Selected For RetirementAll<severity>, <command>, <vmid>, <subject>, <object>, <quantity>
Key InformationAll<severity>, <process>, <object>
Large Receive Offload TaskAll<severity>, <process>, <command>, <object>, <session>, <dname>, <objectname>
Load Current State For Sensor FailedAll<severity>, <dname>, <process>, <command>, <object>, <vmid>, <size>
Login Attempt For Nonexistent UserAll<severity>, <process>, <processid>, <login>, <sip>, <sport>
LWSMD InformationAll<severity>, <dname>, <domainorigin>, <process>, <group>, <subject>, <tag1>
New MKS Connection CountAll<process>, <object>, <quantity>
New Proxy ClientAll<object>, <protname>, <sip>, <sport>, <dip>, <dport>
NMP Device State In DoubtAll<version>, <severity>, <process>, <command>, <object>
No Message String To Format ObjectAll<severity>, <object>
No Port Group Configs FoundAll<severity>, <dname>, <process>, <command>
NSX-ExporterAll<severity>, <dname>, <process>, <processid>, <subject>, <object>, <hash>, <action>, <reason>, <duration>
Object ClosedAll<severity>, <process>, <session>, <objectname>, <command>, <tag1>, <object>
Object Exiting On Host Daemon ExitAll<severity>, <process>, <processid>, <object>
Object Lookup FailedAll<severity>, <process> ,<session>, <object>
OSFSD InformationAll<severity>, <dname>, <process>
PAM Password Authentication SucceededAll<severity>, <process>, <processid>, <domain>, <login>, <sip>, <sport>
Passwd : Password ChangedAll<account>, <login>
Pattern 1 : Authd MessagesAll<tag1>, <sipn>, <session>
Pattern 10 : Hostd : DISKLIB-VMFS AccessAll<object>, <tag1>
Pattern 11 : TaskManager : Task Manager MessagesAll<process>, <tag1>, <tag2>, <vmid>
Pattern 12 : General WMWare MessagesAll<process>, <tag1>, <object>, <sip>, <login>, <dip>, <dport>, <amount>, <session>, <dname>, <sport>
Pattern 15 : Specific Errors And WarningsAll<severity>, <process>, <processid>, <tag3>, <object>, <quantity>, <sender>, <recipient>, <subject>, <login>
Pattern 16 : Authentication LogsAll<tag1>, <tag2>, <dname>, <tag3>, <object>, <login>, <account>, <protname>
Pattern 17 : Reset InformationAll<login>, <tag1>
Pattern 2 : Proxysvc MessagesAll<tag1>, <tag2>, <tag3>, <tag5>
Pattern 3 : VMKernel MessagesAll<tag1>, <tag2>, <status>
Pattern 4 : LSIESG MessagesAll<tag1>
Pattern 5 : Hostd MessagesAll<tag1>
Pattern 6 : Init MessagesAll<tag1>
Pattern 7 : Root MessagesAll<tag1>
Pattern 8 : WatchdogAll<tag1>
Pattern 9 : Login LogoutAll<login>, <sip>, <tag1>
Performance Manager MessageAll<severity>, <object>, <objectname>, <subject>
Performance WarningAll<severity>, <object>, <process>, <microseconds>, <size>, <object>, <bytes>, <quantity>
Port InformationAll<severity>, <process>, <tag1>, <object>
Process Has ExitedAll<severity>, <process> ,<object>
Process Restarting Due To BugAll<severity>, <process>, <object>
Process TimeoutAll<severity>, <process>, <processid>, <object>
Profiles FoundAll<quantity>, <object>
Promiscuous Mode Request Disallowed By PolicyAll<severity>, <process>, <sname>, <dinterface> ,<object>
Responded To Service State RequestAll<severity>, <process>
Root LoginAll<login>, <object>
Root Pool Capacity ChangeAll<object>
Rule2All<tag1>, <tag2>
SDRS InjectorAll<severity>, <dname>, <process>, <processid>, <object>
Session InformationAll<session>, <severity>, <process>, <tag3>, <tag2>, <sname>
Session StatusAll<tag1>, <login>
Set Internal StatsAll<severity>, <object>, <objectname>
Single Sign On MessageAll<severity> ,<process>, <domain>, <login>, <tag1>, <dname>, <object
SLP Agent Received Error Code : Trying AgainAll<severity>, <process>, <vmid> ,<object>, <quantity>
Smart_Open FailedAll<severity>, <dname>, <process>, <command>, <object>, <result>
Snapshot DeletedAll<severity> ,<process>, <session>, <objectname>, <command>, <object>
SNMP Informational MessagesAll<tag1>, <process>, <tag2>, <sip>, <protname>, <sport>
Soaccept FailedAll<severity> ,<protname> ,<process>, <objectname>
StorageRM MessagesAll<severity>, <dname>, <object>, <quantity>
Successfully Opened DiskAll<severity>, <objectname>, <process>, <object>
Sudo Command ExecutedAll<login>, <account>, <object>, <tag1>
Switch User CommandAll<sip>, <dname>, <login>, <tag3>, <account>, <object>
Sync Gen NoAll<severity>, <objectname>, <process>, <command>, <object>
Synchronization MessagesAll<severity> ,<process>, <subject>, <tag1>, <command>, <dname>, <object>, <sname>, <dip>
System Log Daemon ExitingAllN/A
System Time SetAll<severity>, <process>, <processid>, <object>, <login>, <command>, <amount>
Tape Status InformationAll<object>, <tag1>
Task InformationAll<severity>, <process>, <session> ,<objectname> ,<command> ,<tag1>, <object>
Ticket Issued For MKS ServiceAll<login>, <process>, <object>, <session>
Time To Gather ConfigurationAll<severity>, <process>, <session>, <objectname>, <command>, <milliseconds>
Tools Version StatusAll<severity>, <process>, <session>, <objectname>, <object>
Transitioned To Power OffAll<severity>, <process>, <session>, <objectname>, <object>
Unable To Get Resource SettingsAll<severity>, <process>, <vmid>, <object>
Unable To Obtain VersionAll<process>, <severity>, <object>
Unexpected Error Reading HTTP HeaderAll<severity>, <process>, <processid>, <object>, <protname>
User Agent InformationAll<process>, <object>
User Authentication FailureAll<seveirty>, <subject>, <login>, <domain>
User ExitAll<severity>, <process>, <processid>, <domain>, <login>, <tag1>, <tag2>
Using FileAll<severity>, <process> ,<processid>, <object>
VC Agent MessageAll<severity>, <sname>, <process>, <object>, <objectname>, <vmid>, <command>, <subject>
VIM TaskAll<severity>, <objectname>, <process>, <command>, <session>
VM Directory DeletedAll<severity> ,<process>, <session>, <objectname>, <command> ,<login>, <object>
VM Service MessageAll<process>, <object>, <quantity>
VMK WarningsAll<severity>, <process>, <object>, <vmid>, <subject>
VMKernel : Swap File ExtendedAll<tag1>, <amount>
Vmkernel MessagesAll<severity>, <dname>, <object>, <command>, <objectname>, <subject>
VMKernel Warning MessagesAll<tag1>, <severity>, <process>, <tag2>, <object>
VMWare MessagesAll<url>, <object>, <objectname>, <dport>, <process>, <account>, <domain>, <login>
VMware Syslog MessagesAll<process>
Vpxa AlarmAll<severity>, <objectname>, <process>, <object>, <tag1>
Vpxa App MessagesAll<session>, <object>, <url>, <amount>, <quantity>, <tag2>, <tag1>
VPXA App Messages 2All<session>, <object>, <tag2>, <tag1>
Vpxa MessagesAll<severity>, <protname>, <session>, <object>, <result>, <duration>, <quantity>, <tag2>, <tag1>
Vpxa MessagesAll<severity>, <dname>, <objectname>, <tag1>, <object>, <session>, <url>, <quantitiy>, <vmid>
Vpxa Query Last TimestampAll<session>, <process>, <object>
Vpxa SessionAll<severity>, <object>, <process>, <tag1>, <session>
Vsan D Process InfoAll<severity>, <process>, <processid>, <object>, <parentprocessname>, <command>
Vsan Health ServiceAll<severity>, <group>, <process>, <parentprocessname>, <command>
Vsan Soap Server InformationAll<severity>, <sip>, <dname>, <sport>, <process>, <processid>, <object>, <objectname>, <objecttype>, <subject>, <action>
Vsan System Information MessageAll<severity>, <dname>, <process>, <processid>
Vsan Trace InformationAll<severity>, <process>, <processid>, <object>
Wait For Updates ProcessAll<severity>, <objectname>, <process>, <tag1>
Watchdog MessagesAll<process>, <object>, <tag1>
World Does Not ExistAll<severity>, <process>, <session> ,<objectname>, <object>
World ID Not Set For VMAll<severity>, <process>, <session>, <objectname>, <command>, <object>
Write At Offset FailedAll<severity>, <process>, <quantity>, <object>, <objectname>, <command>

Revision History

KB VersionLog TypeChange TypeDetails
KB 7.1.598.0N/ADevice DocumentationN/A
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.