Being in the IT Industry and working on Vmware Products must have allowed you to capture an ESXi Support Bundle. This is generally done so that you can share the information with people like us (Vmware Support), However, have you ever thought of extracting the logs and checking what’s in it.
If not then this is an article for you, here I will show you some of the important logs which are present in the ESXi Support bundle along with a Script which can make the logs review and extraction easier.
To have a better understanding of the logs that we have and their purpose, let’s just look into the architecture of a simple vSphere Environment:
Component | Location |
VMkernel | /var/log/vmkernel.log |
VMkernel warnings | /var/log/vmkwarning.log |
VMkernel summary | /var/log/vmksummary.log |
ESXi host agent log | /var/log/hostd.log |
vCenter agent log | /var/log/vpxa.log |
Shell log | /var/log/shell.log |
Authentication | /var/log/auth.log |
System messages | /var/log/syslog.log |
Virtual machines | The same directory as the affected virtual machine’s configuration files, named vmware.log and vmware*.log. |
Workflow:
Every ESXi Host is Connection to vCenter using the VPXA Service which is an agent service of the vCenter and is responsible for sending commands to the ESXi, For example, if you send a command of Powering On a Virtual Machine from vCenter.
Let’s Understand the flow of services while taking this as an example.
- Power-On the VM: From the vCenter, we start the Virtual Machine.
- As soon as we click the option “Power On” there will be a request that will be generated by the VPXD Service for the VPXA Service on the ESXi host where the VM is running.
- Here you will see the start of logging of events starting from VPXD Service to VPXA Service.
- Here you will see the start of logging of events starting from VPXD Service to VPXA Service.
- Once the Agent Service of the ESXi will receive the “Power On” Request it will send the request to the Host Manager of the ESXi System, which is also known as the Hostd Service.
- This is the agent that manages and configures the ESXi host and its virtual machines. So for this service, there will be logging done at the Hostd.log.
- This is the agent that manages and configures the ESXi host and its virtual machines. So for this service, there will be logging done at the Hostd.log.
- Now the Request will reach the real service which is responsible for most of the ESXi Specific Operations, i.e. VMKernel Service. This will receive the “Power On” Request and will start the Virtual machine-specific Tasks along with turning on the Virtual Machine.
- The logging specific to its operation will be done in the Vmkernel. Logfile.
- VMKsummary logs are associated with Vmkernel logs and are used to determine uptime and availability statistics for ESXi (comma separated).
- Now as soon as the Virtual Machine will start it will initiate the VM processes and the Process specific logging will happen in the Vmware.log. This file will be located in the Directory of the Virtual Machine config file.
Now along with this, there are few other log files as well:
Shell.log: Contains the records of the command that someone runs by accessing the shell of the ESXi Host.
Auth.log: Contains all events related to authentication for the local system.
Now Since we have an idea about these logging I will show you an easy way to capture and extract these log file so that you can review it with Ease.
Please Note that at the end of the series i will be sharing a script which will help you in extracting the logs and merging them together with just a click of a button.
