Skip to main content
Skip table of contents

Syslog - VMWare ESX/ESXi Server

Device Details

Device NameVMWare ESX/ESXi Server
VendorVMWare
Device TypeVirtual Machine Monitor or VMM
Supported Model Name/NumberN/A
Supported Software VersionAll
Collection MethodSyslog
Configurable Log OutputN/A
Log Source TypeSyslog - VMWare ESX/ESXi Server
Log Processing PolicyLogrhythm Default
ExceptionsN/A
Additional Informationhttps://www.vmware.com/in/products/esxi-and-esx.html
https://www.vmware.com/topics/glossary/content/bare-metal-hypervisor

Supported Log Messages

(List of LR tags used to parse the log information for each message type)

TypeProduct VersionSupported Schema Fields
Accept On Client Connection FailedAll<severity>, <process>, <session>, <object>, <subject>
Actual VM OverheadAll<object>, <size>
Adding Query SpecAll<severity>, <object>, <quantity>
Aggregate Version OverflowAll<process>, <object>, <sname>
API HEALTH Execuation MessagesAll<severity>, <sname>, <protname>, <protnum>, <objectname>, <command>, <process>, <status>, <quantity>
Attempt To Relock Already Locked ObjectAll<severity>, <dname>, <process>, <object>
Authentication ActivityAll<severity>, <object>, <domain>, <login>
Authentication MessagesAll<severity>, <sname>, <process>, <session>, <object>, <vendorinfo>, <account>, <command>, <login>, <protnum>, <dip>
Can't Convert IP AddressAll<process>, <object>
Cannot Convert Disk PathAll<severity>, <process>, <vmid>, <login>, <object>
Catch All : Level 1All<severity>, <tag1>
Catch All : Level 3All<severity>, <dname>, <process>, <processid>
Catch All : Level 3 - Syslog Protocol And SeverityAll<tag1>, <process>, <sip>, <sport>
Catch All : Level 4All<severity>, <dname>, <process>, <processid>, <object>
Catch All : General MessagesAll<severity>, <process>, <session>, <tag1>, <objectname>, <command>, <tag2>
Catch All : State Changes And MKS ConnectionsAll<object>, <tag1>, <login>
Change OccuredAll<severity>, <object>, <process>, <subject>, <tag1>
Child Connection From HostAll<severity>, <process>, <processid>, <sip>, <sport>
CIM : Child Still AliveAll<severity>, <process>, <object>
CIM ErrorAllN/A
CIM Server InformationAll<tag1>, <process>, <tag2>, <object>, <quantity>, <login>
CIM Service MessageAll<login>, <process>, <object>
Clearing Connection List Due To Network ErrorAll<severity>, <process>, <processid>, <session>, <protname>, <object>, <domain>
Client Certificate Can't Be VerifiedAll<severity>, <dname>, <process>, <processid>, <subject>
Client HTTP ResponseAll<process>, <object>
Command ExecutedAll<object>, <tag1>
Command Failed To SendAll<severity>, <process>, <processid>, <object>, <objectname>
Command To Device FailedAll<severity>, <process>, <command> ,<object>
Command To NMP Device Failed On Physical PathAll<severity> ,<process>, <command> ,<session>, <object>, <objectname>
Connection AcceptedAll<severity> ,<process>, <dname> ,<sip>
Connection Reset By PeerAll<severity>, <dname>, <process>, <processid>
Could Not Translate Vpxd CounterAll<severity>, <objectname>, <process>, <object>
Creating New SubrequestAll<severity>, <process>, <processid>, <objectname>, <command>, <domain>, <login>, <object>
Critical Log MessageAll<login>, <process>
Cron Job ExecutionAll<process>, <login>, <object>
Crond : Cron Job ExecutionAll<severity>, <login>, <processid>, <command>
Crond Jobs : Session Open/CloseAll<login>, <process>, <tag1>
Data Socket Receive Buffer SizeAll<severity> ,<process>, <dname>, <object>, <size>
Database MessageAll<severity> ,<process>, <command>, <objectname>, <dname>, <tag1>
Default Resource UsedAll<severity>, <process>, <command>, <object>, <objectname>, <domain>, <process>, <session>, <vmid>
Did Not Find VM On VM ListAll<severity>, <objectname>, <process>, <object>
Did Not Recieve Metrics From HostAll<severity>, <object>, <process>
Disk Library ClosedAll<severity> ,<process>, <session> ,<objectname>, <command>, <object>
Distributed Firewall Packet LogAll<severity>, <process>, <tag2>, <domain>, <tag1>, <protname>, <protnum>, <sip>, <sport>, <dip>, <dport>, <sinterface>, <dinterface>, <sname>, <smac>, <dmac>
DNS Lookup FailedAll<severity>, <process>, <processid>, <command>, <object>, <dname>
DNSResource CachingAll<severity>, <dname>, <process>, <processid>, <objectname>, <object>, <seconds>
Doing Map Lookup For UserAll<severity>, <process>, <processid>, <object>, <command>, <domain>, <login>
Drive ErrorAll<object>, <session>, <seconds>
Drive FailureAll<object>
DVS Manager MessageAll<process>, <object>
DVS Tracker MessageAll<process>, <object>, <quantity>
Error Accepting SSL ConnectionAll<severity>, <process>, <processid>, <vmid>, <protname>
Error Log MessageAll<severity>, <login>, <process>, <processid>, <object>, <tag2>, <tag1>
Error Occurred During LDAP SearchAll<vmid>, <severity>, <process>, <processid>, <session>, <protname>, <quantity>
ESX ESXI Warning MessageAll<severity>, <object>, <objectname>, <process>, <dname>, <login>, <tag4>, <account>, <domain>, <session>, <command>, <url>, <tag1>, <tag2>, <tag3>, <sip>
Failed Authentication ActivityAll<sip>, <dip>, <sport>, <login>, <process>, <tag1>
Failed To CrossdupAll<severity>, <process>, <object>, <objectname>
Failed To Find File Size : No Such File Or DirAll<severity> ,<process>, <session> ,<objectname> ,<command>, <object>
Failed To Read Disk Adapter TypeAll<severity>, <objectname>, <process>
Failed To Read Header On StreamAll<severity>, <process> ,<session>, <objectname>, <protname>, <sip>, <sport>, <dip> ,<dport>, <object>
FDM MessagesAll<severity>, <process>, <object>, <session>, <subject>
Fetch Failed : File Not FoundAll<severity>, <dname>, <process>, <command>, <object>
Found Profiles In NamespaceAll<severity>, <process>, <object>, <quantity>
General Information 2All<login>, <object>, <itemsin>, <amount>, <duration>, <quantity>, <tag2>, <tag1>
General MessagesAll<tag1>, <amount>
General Messages 2All<severity>, <dname>, <domainorigin>, <process>, <processid>, <object>, <tag2>, <group>
HAL MessagesAll<severity>, <object>, <objectname>, <command>, <sname>, <dname>, <quantity>, <subject>
HAL Services InformationAll<severity>, <process>, <object>, <sinterface>, <tag1>, <subject>
Heartbeat StatusAll<severity>, <process>, <object>, <objectname>, <status>, <tag1>
Host Daemon MessagesAll<process>, <object>
HostCtl Exception During Network Stats CollectionAll<severity> ,<process>, <session>, <object>
HostCtl Exception In Stats CollectionAll<severity>, <dname>, <process>, <session>, <command>, <object>, <subject>
Hostd : Accepted PasswordAll<sessiontype>, <login>, <sip>, <sport>
Hostd : AuthenticationAll<login>
HostD : Could Not Get Max File SizeAll<severity>, <dname>, <process>, <processid>, <object>, <subject>, <objectname>, <vmid>, <command>
Hostd : Password RejectedAll<domain>, <login>, <sip>
Hostd Info MessageAll<parentprocessname>, <severity>, <dname>, <subject>, <session>, <process>, <domain>, <vendorinfo>, <login>, <tag2>, <tag1>, <sname>, <sport>
Hostd MessagesAll<severity>, <dname>, <process>, <tag1>, <command>, <object>, <objectname>, <quantity>, <amount>, <subject>
Hostd Parse Value ErrorAll<severity>, <object>
Hostd Probe InformationAll<severity>, <tag1>, <object>, <process>, <milliseconds>, <objectname>, <version>
Hostd System Is StartingAll<severity>, <process>, <vmid>, <account>, <object>, <tag1>, <objectname>, <sname>, <group>
Hostd System StartingAll<severity>, <process>, <vmid>, <account>, <object>, <command>, <objectname>
HTTP Header Command Is Not ExpectedAll<severity>, <dname>, <process>, <processid>, <protname>
HTTP Process CompleteAll<session>, <process>, <bytesin>
HTTP Proxy InformationAll<process>, <severity>, <object>, <tag1>, <dname>, <dport>, <objecttype>, <action>, <processid>, <version>
HTTP Proxy MessagesAll<severity>, <process>, <tag1>, <command>, <dname>, <dport>
HTTP Transaction Failed On Stream TCPAll<severity>, <dname>, <process>, <session>, <object>, <subject>, <objectname>
Informational MessageAll<login>, <process>, <object>, <tag2>, <tag3>
Instrumentation ServiceAll<severity>, <vmid>, <process>, <object>
Interactive Authentication 2All<dname>, <process>, <processid>, <tag3>, <object>, <login>, <sip>, <sport>
Internal TaskAll<severity>, <objectname>, <object>, <tag1>, <process>, <session>
Invalid Message Type For New ConnectionAll<severity>, <process>, <session>, <object>, <objectname>, <command>
Invoke SOAPAll<severity>, <object>, <process>, <command>, <sname>, <objectname>
Kernel Log MessagesAll<severity>, <sname>, <process>, <tag1>, <object>, <sinterface>, <subject>, <objectname>, <login>
Kernel MPNs Selected For RetirementAll<severity>, <command>, <vmid>, <subject>, <object>, <quantity>
Key InformationAll<severity>, <process>, <object>
Large Receive Offload TaskAll<severity>, <process>, <command>, <object>, <session>, <dname>, <objectname>
Load Current State For Sensor FailedAll<severity>, <dname>, <process>, <command>, <object>, <vmid>, <size>
Login Attempt For Nonexistent UserAll<severity>, <process>, <processid>, <login>, <sip>, <sport>
LWSMD InformationAll<severity>, <dname>, <domainorigin>, <process>, <group>, <subject>, <tag1>
New MKS Connection CountAll<process>, <object>, <quantity>
New Proxy ClientAll<object>, <protname>, <sip>, <sport>, <dip>, <dport>
NMP Device State In DoubtAll<version>, <severity>, <process>, <command>, <object>
No Message String To Format ObjectAll<severity>, <object>
No Port Group Configs FoundAll<severity>, <dname>, <process>, <command>
NSX-ExporterAll<severity>, <dname>, <process>, <processid>, <subject>, <object>, <hash>, <action>, <reason>, <duration>
Object ClosedAll<severity>, <process>, <session>, <objectname>, <command>, <tag1>, <object>
Object Exiting On Host Daemon ExitAll<severity>, <process>, <processid>, <object>
Object Lookup FailedAll<severity>, <process> ,<session>, <object>
OSFSD InformationAll<severity>, <dname>, <process>
PAM Password Authentication SucceededAll<severity>, <process>, <processid>, <domain>, <login>, <sip>, <sport>
Passwd : Password ChangedAll<account>, <login>
Pattern 1 : Authd MessagesAll<tag1>, <sipn>, <session>
Pattern 10 : Hostd : DISKLIB-VMFS AccessAll<object>, <tag1>
Pattern 11 : TaskManager : Task Manager MessagesAll<process>, <tag1>, <tag2>, <vmid>
Pattern 12 : General WMWare MessagesAll<process>, <tag1>, <object>, <sip>, <login>, <dip>, <dport>, <amount>, <session>, <dname>, <sport>
Pattern 15 : Specific Errors And WarningsAll<severity>, <process>, <processid>, <tag3>, <object>, <quantity>, <sender>, <recipient>, <subject>, <login>
Pattern 16 : Authentication LogsAll<tag1>, <tag2>, <dname>, <tag3>, <object>, <login>, <account>, <protname>
Pattern 17 : Reset InformationAll<login>, <tag1>
Pattern 2 : Proxysvc MessagesAll<tag1>, <tag2>, <tag3>, <tag5>
Pattern 3 : VMKernel MessagesAll<tag1>, <tag2>, <status>
Pattern 4 : LSIESG MessagesAll<tag1>
Pattern 5 : Hostd MessagesAll<tag1>
Pattern 6 : Init MessagesAll<tag1>
Pattern 7 : Root MessagesAll<tag1>
Pattern 8 : WatchdogAll<tag1>
Pattern 9 : Login LogoutAll<login>, <sip>, <tag1>
Performance Manager MessageAll<severity>, <object>, <objectname>, <subject>
Performance WarningAll<severity>, <object>, <process>, <microseconds>, <size>, <object>, <bytes>, <quantity>
Port InformationAll<severity>, <process>, <tag1>, <object>
Process Has ExitedAll<severity>, <process> ,<object>
Process Restarting Due To BugAll<severity>, <process>, <object>
Process TimeoutAll<severity>, <process>, <processid>, <object>
Profiles FoundAll<quantity>, <object>
Promiscuous Mode Request Disallowed By PolicyAll<severity>, <process>, <sname>, <dinterface> ,<object>
Responded To Service State RequestAll<severity>, <process>
Root LoginAll<login>, <object>
Root Pool Capacity ChangeAll<object>
Rule2All<tag1>, <tag2>
SDRS InjectorAll<severity>, <dname>, <process>, <processid>, <object>
Session InformationAll<session>, <severity>, <process>, <tag3>, <tag2>, <sname>
Session StatusAll<tag1>, <login>
Set Internal StatsAll<severity>, <object>, <objectname>
Single Sign On MessageAll<severity> ,<process>, <domain>, <login>, <tag1>, <dname>, <object
SLP Agent Received Error Code : Trying AgainAll<severity>, <process>, <vmid> ,<object>, <quantity>
Smart_Open FailedAll<severity>, <dname>, <process>, <command>, <object>, <result>
Snapshot DeletedAll<severity> ,<process>, <session>, <objectname>, <command>, <object>
SNMP Informational MessagesAll<tag1>, <process>, <tag2>, <sip>, <protname>, <sport>
Soaccept FailedAll<severity> ,<protname> ,<process>, <objectname>
StorageRM MessagesAll<severity>, <dname>, <object>, <quantity>
Successfully Opened DiskAll<severity>, <objectname>, <process>, <object>
Sudo Command ExecutedAll<login>, <account>, <object>, <tag1>
Switch User CommandAll<sip>, <dname>, <login>, <tag3>, <account>, <object>
Sync Gen NoAll<severity>, <objectname>, <process>, <command>, <object>
Synchronization MessagesAll<severity> ,<process>, <subject>, <tag1>, <command>, <dname>, <object>, <sname>, <dip>
System Log Daemon ExitingAllN/A
System Time SetAll<severity>, <process>, <processid>, <object>, <login>, <command>, <amount>
Tape Status InformationAll<object>, <tag1>
Task InformationAll<severity>, <process>, <session> ,<objectname> ,<command> ,<tag1>, <object>
Ticket Issued For MKS ServiceAll<login>, <process>, <object>, <session>
Time To Gather ConfigurationAll<severity>, <process>, <session>, <objectname>, <command>, <milliseconds>
Tools Version StatusAll<severity>, <process>, <session>, <objectname>, <object>
Transitioned To Power OffAll<severity>, <process>, <session>, <objectname>, <object>
Unable To Get Resource SettingsAll<severity>, <process>, <vmid>, <object>
Unable To Obtain VersionAll<process>, <severity>, <object>
Unexpected Error Reading HTTP HeaderAll<severity>, <process>, <processid>, <object>, <protname>
User Agent InformationAll<process>, <object>
User Authentication FailureAll<seveirty>, <subject>, <login>, <domain>
User ExitAll<severity>, <process>, <processid>, <domain>, <login>, <tag1>, <tag2>
Using FileAll<severity>, <process> ,<processid>, <object>
VC Agent MessageAll<severity>, <sname>, <process>, <object>, <objectname>, <vmid>, <command>, <subject>
VIM TaskAll<severity>, <objectname>, <process>, <command>, <session>
VM Directory DeletedAll<severity> ,<process>, <session>, <objectname>, <command> ,<login>, <object>
VM Service MessageAll<process>, <object>, <quantity>
VMK WarningsAll<severity>, <process>, <object>, <vmid>, <subject>
VMKernel : Swap File ExtendedAll<tag1>, <amount>
Vmkernel MessagesAll<severity>, <dname>, <object>, <command>, <objectname>, <subject>
VMKernel Warning MessagesAll<tag1>, <severity>, <process>, <tag2>, <object>
VMWare MessagesAll<url>, <object>, <objectname>, <dport>, <process>, <account>, <domain>, <login>
VMware Syslog MessagesAll<process>
Vpxa AlarmAll<severity>, <objectname>, <process>, <object>, <tag1>
Vpxa App MessagesAll<session>, <object>, <url>, <amount>, <quantity>, <tag2>, <tag1>
VPXA App Messages 2All<session>, <object>, <tag2>, <tag1>
Vpxa MessagesAll<severity>, <protname>, <session>, <object>, <result>, <duration>, <quantity>, <tag2>, <tag1>
Vpxa MessagesAll<severity>, <dname>, <objectname>, <tag1>, <object>, <session>, <url>, <quantitiy>, <vmid>
Vpxa Query Last TimestampAll<session>, <process>, <object>
Vpxa SessionAll<severity>, <object>, <process>, <tag1>, <session>
Vsan D Process InfoAll<severity>, <process>, <processid>, <object>, <parentprocessname>, <command>
Vsan Health ServiceAll<severity>, <group>, <process>, <parentprocessname>, <command>
Vsan Soap Server InformationAll<severity>, <sip>, <dname>, <sport>, <process>, <processid>, <object>, <objectname>, <objecttype>, <subject>, <action>
Vsan System Information MessageAll<severity>, <dname>, <process>, <processid>
Vsan Trace InformationAll<severity>, <process>, <processid>, <object>
Wait For Updates ProcessAll<severity>, <objectname>, <process>, <tag1>
Watchdog MessagesAll<process>, <object>, <tag1>
World Does Not ExistAll<severity>, <process>, <session> ,<objectname>, <object>
World ID Not Set For VMAll<severity>, <process>, <session>, <objectname>, <command>, <object>
Write At Offset FailedAll<severity>, <process>, <quantity>, <object>, <objectname>, <command>

Revision History

KB VersionLog TypeChange TypeDetails
KB 7.1.598.0N/ADevice DocumentationN/A
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close