Device Details
|
Device Name |
VMWare vSphere 8.0 (formerly ESX/ESXi Server) |
|---|---|
|
Vendor |
VMWare |
|
Device Type |
Virtual Machine Monitor or VMM |
|
Supported Model Name/Number |
N/A |
|
Supported Software Version |
All |
|
Collection Method |
Syslog |
|
Configurable Log Output |
N/A |
|
Log Source Type |
Syslog - VMWare ESX/ESXi Server |
|
Log Processing Policy |
LogRhythm Default |
|
Exceptions |
N/A |
|
Additional Information |
https://www.vmware.com/products/cloud-infrastructure/vsphere
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/vsphere-monitoring-and-performance-8-0/system-log-files/configure-syslog-on-esxi-hosts.html |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
|
Type |
Product Version |
Supported Schema Fields |
|---|---|---|
|
Accept On Client Connection Failed |
All |
<severity>, <process>, <session>, <object>, <subject> |
|
Actual VM Overhead |
All |
<object>, <size> |
|
Adding Query Spec |
All |
<severity>, <object>, <quantity> |
|
Aggregate Version Overflow |
All |
<process>, <object>, <sname> |
|
API HEALTH Execuation Messages |
All |
<severity>, <sname>, <protname>, <protnum>, <objectname>, <command>, <process>, <status>, <quantity> |
|
Attempt To Relock Already Locked Object |
All |
<severity>, <dname>, <process>, <object> |
|
Authentication Activity |
All |
<severity>, <object>, <domain>, <login> |
|
Authentication Messages |
All |
<severity>, <sname>, <process>, <session>, <object>, <vendorinfo>, <account>, <command>, <login>, <protnum>, <dip> |
|
Can't Convert IP Address |
All |
<process>, <object> |
|
Cannot Convert Disk Path |
All |
<severity>, <process>, <vmid>, <login>, <object> |
|
Catch All : Level 1 |
All |
<severity>, <tag1> |
|
Catch All : Level 3 |
All |
<severity>, <dname>, <process>, <processid> |
|
Catch All : Level 3 - Syslog Protocol And Severity |
All |
<tag1>, <process>, <sip>, <sport> |
|
Catch All : Level 4 |
All |
<severity>, <dname>, <process>, <processid>, <object> |
|
Catch All : General Messages |
All |
<severity>, <process>, <session>, <tag1>, <objectname>, <command>, <tag2> |
|
Catch All : State Changes And MKS Connections |
All |
<object>, <tag1>, <login> |
|
Change Occured |
All |
<severity>, <object>, <process>, <subject>, <tag1> |
|
Child Connection From Host |
All |
<severity>, <process>, <processid>, <sip>, <sport> |
|
CIM : Child Still Alive |
All |
<severity>, <process>, <object> |
|
CIM Error |
All |
N/A |
|
CIM Server Information |
All |
<tag1>, <process>, <tag2>, <object>, <quantity>, <login> |
|
CIM Service Message |
All |
<login>, <process>, <object> |
|
Clearing Connection List Due To Network Error |
All |
<severity>, <process>, <processid>, <session>, <protname>, <object>, <domain> |
|
Client Certificate Can't Be Verified |
All |
<severity>, <dname>, <process>, <processid>, <subject> |
|
Client HTTP Response |
All |
<process>, <object> |
|
Command Executed |
All |
<object>, <tag1> |
|
Command Failed To Send |
All |
<severity>, <process>, <processid>, <object>, <objectname> |
|
Command To Device Failed |
All |
<severity>, <process>, <command> ,<object> |
|
Command To NMP Device Failed On Physical Path |
All |
<severity> ,<process>, <command> ,<session>, <object>, <objectname> |
|
Connection Accepted |
All |
<severity> ,<process>, <dname> ,<sip> |
|
Connection Reset By Peer |
All |
<severity>, <dname>, <process>, <processid> |
|
Could Not Translate Vpxd Counter |
All |
<severity>, <objectname>, <process>, <object> |
|
Creating New Subrequest |
All |
<severity>, <process>, <processid>, <objectname>, <command>, <domain>, <login>, <object> |
|
Critical Log Message |
All |
<login>, <process> |
|
Cron Job Execution |
All |
<process>, <login>, <object> |
|
Crond : Cron Job Execution |
All |
<severity>, <login>, <processid>, <command> |
|
Crond Jobs : Session Open/Close |
All |
<login>, <process>, <tag1> |
|
Data Socket Receive Buffer Size |
All |
<severity> ,<process>, <dname>, <object>, <size> |
|
Database Message |
All |
<severity> ,<process>, <command>, <objectname>, <dname>, <tag1> |
|
Default Resource Used |
All |
<severity>, <process>, <command>, <object>, <objectname>, <domain>, <process>, <session>, <vmid> |
|
Did Not Find VM On VM List |
All |
<severity>, <objectname>, <process>, <object> |
|
Did Not Recieve Metrics From Host |
All |
<severity>, <object>, <process> |
|
Disk Library Closed |
All |
<severity> ,<process>, <session> ,<objectname>, <command>, <object> |
|
Distributed Firewall Packet Log |
All |
<severity>, <process>, <tag2>, <domain>, <tag1>, <protname>, <protnum>, <sip>, <sport>, <dip>, <dport>, <sinterface>, <dinterface>, <sname>, <smac>, <dmac> |
|
DNS Lookup Failed |
All |
<severity>, <process>, <processid>, <command>, <object>, <dname> |
|
DNSResource Caching |
All |
<severity>, <dname>, <process>, <processid>, <objectname>, <object>, <seconds> |
|
Doing Map Lookup For User |
All |
<severity>, <process>, <processid>, <object>, <command>, <domain>, <login> |
|
Drive Error |
All |
<object>, <session>, <seconds> |
|
Drive Failure |
All |
<object> |
|
DVS Manager Message |
All |
<process>, <object> |
|
DVS Tracker Message |
All |
<process>, <object>, <quantity> |
|
Error Accepting SSL Connection |
All |
<severity>, <process>, <processid>, <vmid>, <protname> |
|
Error Log Message |
All |
<severity>, <login>, <process>, <processid>, <object>, <tag2>, <tag1> |
|
Error Occurred During LDAP Search |
All |
<vmid>, <severity>, <process>, <processid>, <session>, <protname>, <quantity> |
|
ESX ESXI Warning Message |
All |
<severity>, <object>, <objectname>, <process>, <dname>, <login>, <tag4>, <account>, <domain>, <session>, <command>, <url>, <tag1>, <tag2>, <tag3>, <sip> |
|
Failed Authentication Activity |
All |
<sip>, <dip>, <sport>, <login>, <process>, <tag1> |
|
Failed To Crossdup |
All |
<severity>, <process>, <object>, <objectname> |
|
Failed To Find File Size : No Such File Or Dir |
All |
<severity> ,<process>, <session> ,<objectname> ,<command>, <object> |
|
Failed To Read Disk Adapter Type |
All |
<severity>, <objectname>, <process> |
|
Failed To Read Header On Stream |
All |
<severity>, <process> ,<session>, <objectname>, <protname>, <sip>, <sport>, <dip> ,<dport>, <object> |
|
FDM Messages |
All |
<severity>, <process>, <object>, <session>, <subject> |
|
Fetch Failed : File Not Found |
All |
<severity>, <dname>, <process>, <command>, <object> |
|
Found Profiles In Namespace |
All |
<severity>, <process>, <object>, <quantity> |
|
General Information 2 |
All |
<login>, <object>, <itemsin>, <amount>, <duration>, <quantity>, <tag2>, <tag1> |
|
General Messages |
All |
<tag1>, <amount> |
|
General Messages 2 |
All |
<severity>, <dname>, <domainorigin>, <process>, <processid>, <object>, <tag2>, <group> |
|
HAL Messages |
All |
<severity>, <object>, <objectname>, <command>, <sname>, <dname>, <quantity>, <subject> |
|
HAL Services Information |
All |
<severity>, <process>, <object>, <sinterface>, <tag1>, <subject> |
|
Heartbeat Status |
All |
<severity>, <process>, <object>, <objectname>, <status>, <tag1> |
|
Host Daemon Messages |
All |
<process>, <object> |
|
HostCtl Exception During Network Stats Collection |
All |
<severity> ,<process>, <session>, <object> |
|
HostCtl Exception In Stats Collection |
All |
<severity>, <dname>, <process>, <session>, <command>, <object>, <subject> |
|
Hostd : Accepted Password |
All |
<sessiontype>, <login>, <sip>, <sport> |
|
Hostd : Authentication |
All |
<login> |
|
HostD : Could Not Get Max File Size |
All |
<severity>, <dname>, <process>, <processid>, <object>, <subject>, <objectname>, <vmid>, <command> |
|
Hostd : Password Rejected |
All |
<domain>, <login>, <sip> |
|
Hostd Info Message |
All |
<parentprocessname>, <severity>, <dname>, <subject>, <session>, <process>, <domain>, <vendorinfo>, <login>, <tag2>, <tag1>, <sname>, <sport> |
|
Hostd Messages |
All |
<severity>, <dname>, <process>, <tag1>, <command>, <object>, <objectname>, <quantity>, <amount>, <subject> |
|
Hostd Parse Value Error |
All |
<severity>, <object> |
|
Hostd Probe Information |
All |
<severity>, <tag1>, <object>, <process>, <milliseconds>, <objectname>, <version> |
|
Hostd System Is Starting |
All |
<severity>, <process>, <vmid>, <account>, <object>, <tag1>, <objectname>, <sname>, <group> |
|
Hostd System Starting |
All |
<severity>, <process>, <vmid>, <account>, <object>, <command>, <objectname> |
|
HTTP Header Command Is Not Expected |
All |
<severity>, <dname>, <process>, <processid>, <protname> |
|
HTTP Process Complete |
All |
<session>, <process>, <bytesin> |
|
HTTP Proxy Information |
All |
<process>, <severity>, <object>, <tag1>, <dname>, <dport>, <objecttype>, <action>, <processid>, <version> |
|
HTTP Proxy Messages |
All |
<severity>, <process>, <tag1>, <command>, <dname>, <dport> |
|
HTTP Transaction Failed On Stream TCP |
All |
<severity>, <dname>, <process>, <session>, <object>, <subject>, <objectname> |
|
Informational Message |
All |
<login>, <process>, <object>, <tag2>, <tag3> |
|
Instrumentation Service |
All |
<severity>, <vmid>, <process>, <object> |
|
Interactive Authentication 2 |
All |
<dname>, <process>, <processid>, <tag3>, <object>, <login>, <sip>, <sport> |
|
Internal Task |
All |
<severity>, <objectname>, <object>, <tag1>, <process>, <session> |
|
Invalid Message Type For New Connection |
All |
<severity>, <process>, <session>, <object>, <objectname>, <command> |
|
Invoke SOAP |
All |
<severity>, <object>, <process>, <command>, <sname>, <objectname> |
|
Kernel Log Messages |
All |
<severity>, <sname>, <process>, <tag1>, <object>, <sinterface>, <subject>, <objectname>, <login> |
|
Kernel MPNs Selected For Retirement |
All |
<severity>, <command>, <vmid>, <subject>, <object>, <quantity> |
|
Key Information |
All |
<severity>, <process>, <object> |
|
Large Receive Offload Task |
All |
<severity>, <process>, <command>, <object>, <session>, <dname>, <objectname> |
|
Load Current State For Sensor Failed |
All |
<severity>, <dname>, <process>, <command>, <object>, <vmid>, <size> |
|
Login Attempt For Nonexistent User |
All |
<severity>, <process>, <processid>, <login>, <sip>, <sport> |
|
LWSMD Information |
All |
<severity>, <dname>, <domainorigin>, <process>, <group>, <subject>, <tag1> |
|
New MKS Connection Count |
All |
<process>, <object>, <quantity> |
|
New Proxy Client |
All |
<object>, <protname>, <sip>, <sport>, <dip>, <dport> |
|
NMP Device State In Doubt |
All |
<version>, <severity>, <process>, <command>, <object> |
|
No Message String To Format Object |
All |
<severity>, <object> |
|
No Port Group Configs Found |
All |
<severity>, <dname>, <process>, <command> |
|
NSX-Exporter |
All |
<severity>, <dname>, <process>, <processid>, <subject>, <object>, <hash>, <action>, <reason>, <duration> |
|
Object Closed |
All |
<severity>, <process>, <session>, <objectname>, <command>, <tag1>, <object> |
|
Object Exiting On Host Daemon Exit |
All |
<severity>, <process>, <processid>, <object> |
|
Object Lookup Failed |
All |
<severity>, <process> ,<session>, <object> |
|
OSFSD Information |
All |
<severity>, <dname>, <process> |
|
PAM Password Authentication Succeeded |
All |
<severity>, <process>, <processid>, <domain>, <login>, <sip>, <sport> |
|
Passwd : Password Changed |
All |
<account>, <login> |
|
Pattern 1 : Authd Messages |
All |
<tag1>, <sipn>, <session> |
|
Pattern 10 : Hostd : DISKLIB-VMFS Access |
All |
<object>, <tag1> |
|
Pattern 11 : TaskManager : Task Manager Messages |
All |
<process>, <tag1>, <tag2>, <vmid> |
|
Pattern 12 : General WMWare Messages |
All |
<process>, <tag1>, <object>, <sip>, <login>, <dip>, <dport>, <amount>, <session>, <dname>, <sport> |
|
Pattern 15 : Specific Errors And Warnings |
All |
<severity>, <process>, <processid>, <tag3>, <object>, <quantity>, <sender>, <recipient>, <subject>, <login> |
|
Pattern 16 : Authentication Logs |
All |
<tag1>, <tag2>, <dname>, <tag3>, <object>, <login>, <account>, <protname> |
|
Pattern 17 : Reset Information |
All |
<login>, <tag1> |
|
Pattern 2 : Proxysvc Messages |
All |
<tag1>, <tag2>, <tag3>, <tag5> |
|
Pattern 3 : VMKernel Messages |
All |
<tag1>, <tag2>, <status> |
|
Pattern 4 : LSIESG Messages |
All |
<tag1> |
|
Pattern 5 : Hostd Messages |
All |
<tag1> |
|
Pattern 6 : Init Messages |
All |
<tag1> |
|
Pattern 7 : Root Messages |
All |
<tag1> |
|
Pattern 8 : Watchdog |
All |
<tag1> |
|
Pattern 9 : Login Logout |
All |
<login>, <sip>, <tag1> |
|
Performance Manager Message |
All |
<severity>, <object>, <objectname>, <subject> |
|
Performance Warning |
All |
<severity>, <object>, <process>, <microseconds>, <size>, <object>, <bytes>, <quantity> |
|
Port Information |
All |
<severity>, <process>, <tag1>, <object> |
|
Process Has Exited |
All |
<severity>, <process> ,<object> |
|
Process Restarting Due To Bug |
All |
<severity>, <process>, <object> |
|
Process Timeout |
All |
<severity>, <process>, <processid>, <object> |
|
Profiles Found |
All |
<quantity>, <object> |
|
Promiscuous Mode Request Disallowed By Policy |
All |
<severity>, <process>, <sname>, <dinterface> ,<object> |
|
Responded To Service State Request |
All |
<severity>, <process> |
|
Root Login |
All |
<login>, <object> |
|
Root Pool Capacity Change |
All |
<object> |
|
Rule2 |
All |
<tag1>, <tag2> |
|
SDRS Injector |
All |
<severity>, <dname>, <process>, <processid>, <object> |
|
Session Information |
All |
<session>, <severity>, <process>, <tag3>, <tag2>, <sname> |
|
Session Status |
All |
<tag1>, <login> |
|
Set Internal Stats |
All |
<severity>, <object>, <objectname> |
|
Single Sign On Message |
All |
<severity> ,<process>, <domain>, <login>, <tag1>, <dname>, <object |
|
SLP Agent Received Error Code : Trying Again |
All |
<severity>, <process>, <vmid> ,<object>, <quantity> |
|
Smart_Open Failed |
All |
<severity>, <dname>, <process>, <command>, <object>, <result> |
|
Snapshot Deleted |
All |
<severity> ,<process>, <session>, <objectname>, <command>, <object> |
|
SNMP Informational Messages |
All |
<tag1>, <process>, <tag2>, <sip>, <protname>, <sport> |
|
Soaccept Failed |
All |
<severity> ,<protname> ,<process>, <objectname> |
|
StorageRM Messages |
All |
<severity>, <dname>, <object>, <quantity> |
|
Successfully Opened Disk |
All |
<severity>, <objectname>, <process>, <object> |
|
Sudo Command Executed |
All |
<login>, <account>, <object>, <tag1> |
|
Switch User Command |
All |
<sip>, <dname>, <login>, <tag3>, <account>, <object> |
|
Sync Gen No |
All |
<severity>, <objectname>, <process>, <command>, <object> |
|
Synchronization Messages |
All |
<severity> ,<process>, <subject>, <tag1>, <command>, <dname>, <object>, <sname>, <dip> |
|
System Log Daemon Exiting |
All |
N/A |
|
System Time Set |
All |
<severity>, <process>, <processid>, <object>, <login>, <command>, <amount> |
|
Tape Status Information |
All |
<object>, <tag1> |
|
Task Information |
All |
<severity>, <process>, <session> ,<objectname> ,<command> ,<tag1>, <object> |
|
Ticket Issued For MKS Service |
All |
<login>, <process>, <object>, <session> |
|
Time To Gather Configuration |
All |
<severity>, <process>, <session>, <objectname>, <command>, <milliseconds> |
|
Tools Version Status |
All |
<severity>, <process>, <session>, <objectname>, <object> |
|
Transitioned To Power Off |
All |
<severity>, <process>, <session>, <objectname>, <object> |
|
Unable To Get Resource Settings |
All |
<severity>, <process>, <vmid>, <object> |
|
Unable To Obtain Version |
All |
<process>, <severity>, <object> |
|
Unexpected Error Reading HTTP Header |
All |
<severity>, <process>, <processid>, <object>, <protname> |
|
User Agent Information |
All |
<process>, <object> |
|
User Authentication Failure |
All |
<seveirty>, <subject>, <login>, <domain> |
|
User Exit |
All |
<severity>, <process>, <processid>, <domain>, <login>, <tag1>, <tag2> |
|
Using File |
All |
<severity>, <process> ,<processid>, <object> |
|
VC Agent Message |
All |
<severity>, <sname>, <process>, <object>, <objectname>, <vmid>, <command>, <subject> |
|
VIM Task |
All |
<severity>, <objectname>, <process>, <command>, <session> |
|
VM Directory Deleted |
All |
<severity> ,<process>, <session>, <objectname>, <command> ,<login>, <object> |
|
VM Service Message |
All |
<process>, <object>, <quantity> |
|
VMK Warnings |
All |
<severity>, <process>, <object>, <vmid>, <subject> |
|
VMKernel : Swap File Extended |
All |
<tag1>, <amount> |
|
Vmkernel Messages |
All |
<severity>, <dname>, <object>, <command>, <objectname>, <subject> |
|
VMKernel Warning Messages |
All |
<tag1>, <severity>, <process>, <tag2>, <object> |
|
VMWare Messages |
All |
<url>, <object>, <objectname>, <dport>, <process>, <account>, <domain>, <login> |
|
VMware Syslog Messages |
All |
<process> |
|
Vpxa Alarm |
All |
<severity>, <objectname>, <process>, <object>, <tag1> |
|
Vpxa App Messages |
All |
<session>, <object>, <url>, <amount>, <quantity>, <tag2>, <tag1> |
|
VPXA App Messages 2 |
All |
<session>, <object>, <tag2>, <tag1> |
|
Vpxa Messages |
All |
<severity>, <protname>, <session>, <object>, <result>, <duration>, <quantity>, <tag2>, <tag1> |
|
Vpxa Messages |
All |
<severity>, <dname>, <objectname>, <tag1>, <object>, <session>, <url>, <quantitiy>, <vmid> |
|
Vpxa Query Last Timestamp |
All |
<session>, <process>, <object> |
|
Vpxa Session |
All |
<severity>, <object>, <process>, <tag1>, <session> |
|
Vsan D Process Info |
All |
<severity>, <process>, <processid>, <object>, <parentprocessname>, <command> |
|
Vsan Health Service |
All |
<severity>, <group>, <process>, <parentprocessname>, <command> |
|
Vsan Soap Server Information |
All |
<severity>, <sip>, <dname>, <sport>, <process>, <processid>, <object>, <objectname>, <objecttype>, <subject>, <action> |
|
Vsan System Information Message |
All |
<severity>, <dname>, <process>, <processid> |
|
Vsan Trace Information |
All |
<severity>, <process>, <processid>, <object> |
|
Wait For Updates Process |
All |
<severity>, <objectname>, <process>, <tag1> |
|
Watchdog Messages |
All |
<process>, <object>, <tag1> |
|
World Does Not Exist |
All |
<severity>, <process>, <session> ,<objectname>, <object> |
|
World ID Not Set For VM |
All |
<severity>, <process>, <session>, <objectname>, <command>, <object> |
|
Write At Offset Failed |
All |
<severity>, <process>, <quantity>, <object>, <objectname>, <command> |
Revision History
|
KB Version |
Log Type |
Change Type |
Details |
|---|---|---|---|
|
KB 7.1.598.0 |
N/A |
Device Documentation |
N/A |