The VCDX Podcast

    The VCDX Podcast on Apple Podcasts

    The VCDX Podcast on Spotify

    The VCDX Podcast on Google Podcasts
Latest vBeers:     vBeers – KubeCon -CloudnativeCon EU – Rai Grand Cafe 6pm Tue 31st March
View all vBeer events

Posted by Jun 3, 2010

VMware ESXi 4 Log Files

Like most VI Admins, I've been using VMware ESXi quite a lot more lately and I'm slowly coming across things that are different to how they are in ESX. Log files being one of these differences.

With the absence of the Service Console, ESXi presents a slightly different architecture. If you haven't yet read The Architecture of VMware ESXi, I would recommend having a good read through.

Differences between ESX and ESXi logs

Here is the common log file structure in ESX (Source)

  • /var/log/vmware/hostd.log – ESX Service Log
  • var/log/vmware/vpx/vpxa.log – vSphere Client Agent Logs
  • /var/log/vmware/aam – VMware HA Logs
  • /var/logvmkernel – VMKernel Messages
  • /var/log/vmkwarning – VMKernel Warnings
  • /var/log/messages – Service Console Log

Here is the common log file structure in ESXi

  • /var/log/vmware/hostd.log – ESXi Service Log
  • var/log/vmware/vpx/vpxa.log – vCenter Agent Logs
  • /var/log/messages – Syslog Log (Combines vmkernel & hostd)

As you can see there are a few less logs within ESXi. The message log contains both vmkernel logs and hostd logs. It might also contain the vmkwarning logs, but whilst looking through my log files I was unable to prove this. One log I couldn't find was the AAM log, so if anyone knows what has happened to this log please get in contact.

When to use these log files

  • hostd.log – This is the ESXi Host Agent log. It contains information on the agent that manages the ESXi Host and it's VM's. I don't tend to use this log as much as I used to with ESX, purely because it has been amalgamated in the message log. If you are troubleshooting a Host issue and don't want vmkernel logs getting in the way, this is the log for you. The log entries are time stamped (using UTC timezone) which is pretty handy when looking back to see what happened when an error occurred or something failed.
  • vpxa.log – This log contains information from the agent which communicates with vCenter. This log will not exist if your Host is standalone. I often use this log if I am having HA issues (See previous post). You can also find other information here, such as your Primary HA Cluster Nodes. These log entries are also time stamped  (using UTC timezone).

ESXi HA Primary Nodes

  • messages.log – Contains messages from both vmkernel and hosts, used for troubleshooting the ESXi Host of VM's. Messages from either Hostd or vmkernel are denoted after the time stamp as shown in the image below.

Message Log

Viewing log files in ESXi 4

With the lack of COS we are now unable to view the logs via SSH and be supported by VMware. So what other supported options do we have?

Plenty of options, I'll take you through them.

Using the ESXi Console

Using the ESXi Console (Yellow/Grey) you can login and view the Messages, Hostd and vpxa logs. If you press ALT + F12 you will be able to see the vmkernel log. Although, if I'm honest it's sometimes a little difficult to read them. The ESXi Console can be accessed either locally on the Host or via remote console access systems like ILO and DRAC.

ESXi Console

esxilog2

Using a Web Browser

I found this on techhead.co.uk but I will include the steps here to keep everything in one place.

  • Open your favorite Web Browser
  • Enter the following: https://<esxi ip address>/host
  • Enter the ESXi Host Root username/password

Using a Syslog Server

ESXi gives you the option of configuring a remote syslog server to export all of your logs to. This is very important if you are using diskless setups. In  a diskless setup the log files are held in an in-memory file system and if you reboot your ESXi Host you will loose of your log files. There are two ways to use syslogs to store your ESXi logs, you can either Export them to a syslog Server or use vMA to collect them.

To Export your logs, you can either configure your Host via the VIC or via vMA. The process is shown here: VMware KB1016621

To collect your logs using vMA you need to use the vilogger function. Information on how to use vilogger can be found here: vSphere Management Assistant Guide You can then use tail|more|less to view the logs as you would on an ESX Host.

Note: Here is a guide on Using vMA As Your ESXi Syslog Server

Exporting System Logs in vCenter

You can Export your system logs whilst connect to vCenter using your VIC. The steps to do this can be found here: Export Diagnostic Data If your downloading to a Windows Workstation you can use Winrar to decompress the log files and then view them in either Notepad or any other log viewing software.

Exporting System Logs via the PowerCLI

If you're a PowerCLI user or would like to script the download of your ESXi logs you could use the basic script below.

Get-Log -VMHost &lt;ESXi Host&gt; -Bundle -DestinationPath C:\Tmp

You will also need Winrar to un-zip the bundle to be able to view the logs. There are ways you can actually view the logs via the powershell window, you can read more about that here on Alan Renouf's post: PowerCLI: Reading host log files

Sources

About The SLOG

Hey guys, Welcome!
I'm Simon Long and I've setup this Blog to pass on my experiences and other useful information, mostly focused around Virtualization.
The SLOG