Analyze log entries to obtain configuration information & identify and resolve issues

For those 5.4 Two objectives they say "I am not sure" , coz I am Good boy , I will say "let me try" šŸ™‚

As per ‘VCAP5-DCA Official Cert Guide‘ Chapter# 7

vmkwarning.log & vmksummary.log are good place when system outage happens

And as per Vmware :

You can review ESXi 5.1 and 5.5 host log files using these methods:

· From the Direct Console User Interface (DCUI). For more information, see About the Direct Console ESXi Interface in the vSphere 5.5 Installation and Setup Guide.

· From the ESXi Shell. For more information, see the Log In to the ESXi Shell section in the vSphere 5.5 Installation and Setup Guide.

· Using a web browser at https:// HostnameOrIPAddress/host. For more information, see the HTTP Access to vSphere Server Filessection.

· Within an extracted vm-support log bundle. For more information, see Export System Log Files in the vSphere Monitoring and Performance Guide or Collecting diagnostic information for VMware ESX/ESXi using the vm-support command (1010705).

· From the vSphere Web Client. For more information, see Viewing Log Files with the Log Browser in the vSphere Web Client in the vSphere Monitoring and Performance Guide.

From <>

ESXi Host Log Files

Logs for an ESXi 5.1 host are grouped according to the source component:

· /var/log/auth.log: ESXi Shell authentication success and failure.

· /var/log/dhclient.log: DHCP client service, including discovery, address lease requests and renewals.

· /var/log/esxupdate.log: ESXi patch and update installation logs.

· /var/log/lacp.log: Link Aggregation Control Protocol logs.

· /var/log/hostd.log: Host management service logs, including virtual machine and host Task and Events, communication with the vSphere Client and vCenter Server vpxa agent, and SDK connections.

· /var/log/hostd-probe.log: Host management service responsiveness checker.

· /var/log/rhttpproxy.log: HTTP connections proxied on behalf of other ESXi host webservices.

· /var/log/shell.log: ESXi Shell usage logs, including enable/disable and every command entered.

· /var/log/sysboot.log: Early VMkernel startup and module loading.

· /var/log/boot.gz: A compressed file that contains boot log information and can be read using zcat /var/log/boot.gz|more.

· /var/log/syslog.log: Management service initialization, watchdogs, scheduled tasks and DCUI use.

· /var/log/usb.log: USB device arbitration events, such as discovery and pass-through to virtual machines.

· /var/log/vobd.log: VMkernel Observation events, similar to vob.component.event.

· /var/log/vmkernel.log: Core VMkernel logs, including device discovery, storage and networking device and driver events, and virtual machine startup.

· /var/log/vmkwarning.log: A summary of Warning and Alert log messages excerpted from the VMkernel logs.

· /var/log/vmksummary.log: A summary of ESXi host startup and shutdown, and an hourly heartbeat with uptime, number of virtual machines running, and service resource consumption. /var/log/Xorg.log: Video acceleration.


Logs from vCenter Server Components on ESXi 5.1 and 5.5

When an ESXi 5.1 / 5.5 host is managed by vCenter Server 5.1 and 5.5, two components are installed, each with its own logs:

· /var/log/vpxa.log: vCenter Server vpxa agent logs, including communication with vCenter Server and the Host Management hostd agent.

· /var/log/fdm.log: vSphere High Availability logs, produced by the fdm service.

From <>

And as per ME J

Here are where logs are located:

If you are not sure ,, go to the root and search like this:

~ # find / -name *vm*.log

A nice way to search for specific word in all files by using linux grep command:

/var/log # grep -H -r "esxi02" *.log |more

note that first it mentions the file name that is why is H and little r for recursive down level directories if found:

As in Exam it is allowed to have kb site, just search with those 3 words :

1st URL will take you to:

Interpreting SCSI sense codes in VMware ESXi and ESX (289902)

From <>

After reviewing the above sense codes, you can search for specific error:

/var/log # grep "0x2" vmkernel.log |more

Below I am searching for the sense code description (An unspecified error occurred.) which is 0x1 and filter by fail:

/var/log # grep "0x1" vmkernel.log |more |grep fail


About Ahmad Sabry ElGendi
This entry was posted in Vmware. Bookmark the permalink.

One Response to Analyze log entries to obtain configuration information & identify and resolve issues

  1. Naveen says:

    Very Helpful. Thanks!!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s