- VMware vSAN 2 Nodes: What's New in vSphere 7.0 - Tue, Aug 11 2020
- VMware disk modes: Which one is best? - Wed, Aug 5 2020
- vSphere 7.0 – Upgrade virtual VM hardware and VMware Tools - Fri, Jul 31 2020
You can then send these log files to VMware support after opening a support request to investigate what's going on and resolve problems you might have.
But different VMware products have different log locations and different ways to get these logs. How do you keep track of it all? When working in an enterprise environment, you'll perhaps want to get software that will not only be able to centralize and gather all of these logs but also "ingest" the logs and tell you if there are more errors than usual.
A proactive option is monitoring software that can store logs in one location and analyze them to provide you with patterns identified as warnings or failures.
One such application is VMware Log Insight, but in this post, we will not install and configure this software. Today we only want to know which logs are the most important, how to get them, and how to send them to VMware.
vCenter Server log files ^
For environments using VMware vCenter Server, this operation of gathering support logs is now greatly simplified. To generate a support bundle, connect to your vCenter Server via the vSphere HTML 5 Web Client and then go to Home > Hosts and Clusters. Select the vCenter Server you want to generate support logs from and go to Actions > Export System Logs.
You can choose to export ESXi host log bundles and vSphere web client log files within the same bundle. With this information, VMware has everything they need to identify the problem. Within these subdirectories, vCenter Server logs are grouped by component and purpose. However, most of the time, you won't need to know all of this.
If you're using a vCenter Server Appliance (VCSA) as VMware recommends, you can also get the logs from a Secure Shell (SSH) session or a direct console session in case you have problems and using the vSphere Web Client isn't a possibility. You'll find the main vCenter Server log at vpxd/vpxd.log
VMware ESXi host log files ^
What if you don't have vCenter and want to check the logs for a VMware ESXi host? For individual ESXi hosts vCenter Server doesn't manage, you can get support logs via this procedure:
In your web browser, go to https://ESXI-IP-ADRESS/UI. Then go to Monitor > Logs > Generate log bundle.
You can do two things here:
- You can check different logs by selecting a log file and verifying the content in the lower pane.
- You can generate a log bundle.
Creating logs takes a few minutes, maybe five. Afterward, a small pop-up window appears telling you this:
The logs are quite voluminous; in my case they were like 155 MB in size. It's pretty convenient and simple to have these logs on your C: drive, but then you'll have to "ship" them to VMware. But again, it's simple.
You simply have to connect to your space at the myVMware portal and go to the Get Support section. There you will have to Select an issue and upload a log file.
ESXi logs and locations ^
You can find different ESXi log locations and the meaning of each log in this table from a VMware knowledge base article.
As you can see, quite a few logs are stored on ESXi hosts. ESXi records host activity in log files by using syslog, a standard for message logging. It is not proprietary to VMware and ESXi.
Within your environment, you can configure a syslog server. Instead of jumping from one ESXi host to another to check the logs, it's way better to install and configure a syslog server to pull the data from many ESXi hosts. Without a syslog server, you'd have to check through each ESXi host individually.
The syslog protocol supports a wide range of devices, and you can use it to log different types of events. For example, a router might send messages about users logging on to console sessions, while a web server might log access-denied events.
Syslog is a great way to consolidate logs from multiple sources into a single location, so you can configure each ESXi host to send its logs to a syslog server—to a single, central location.
You can download and test many free syslog servers. One of them for example is Kiwi Syslog Server from SolarWinds, but it is outside the scope of this post.
Whether you administer a small company's network or an enterprise-grade network infrastructure, in the long term, you should definitely consider employing a syslog monitoring tool.
Such a software tool would help you not only see what is happening on your network but also put yourself in a position to be proactive and able to react on events before a failure occurs. After all, it's all about uptime.