List of log files VMware vSphere ESX Classic version 4

The following log files contain information that needs to be track on a VMware vSphere ESX 4 Classic Host to be in compliance with many security standards and best practices such as CIS Benchmark, PCI-DSS, SOX section 404, HIPPA, CPNI, COSO, ISO 20001, COBIT, and so on.
You can use syslog or splunk lightweight forwarders for this purpose.

/var/log/vmkernel

/var/log/secure

/var/log/vmkwarning

/var/log/vmksummary

/var/log/vmksummary.txt

/var/log/messages

/var/log/vmware/*.log

/var/log/vmware/aam/*.log

/var/log/vmware/aam/*.err

/var/log/vmware/webAccess/*.log

/var/log/vmware/vpx/vpxa.log

/vmfs/volumes/*/*/*.log

 

Table with Explanation of files to log for VMware vSphere ESX Classic version 4

Component

Location

Purpose

 VMkernel

 /var/log/vmkernel

 Records activities related to the virtual machines and ESX

VMkernel warnings

/var/log/vmkwarning

Records activities with the virtual machines

VMkernel summary

/var/log/vmksummary

Used to determine uptime and availability statistics for ESX; comma separated

VMkernel summary human readable

/var/log/vmksummary.txt

Used to determine uptime and availability statistics for ESX; human‐readable summary

ESX host agent log

/var/log/vmware/hostd.log

Contains information on the agent that manages and configures the ESX host and its virtual machines

vCenter agent

 

/var/log/vmware/vpx/vpxa.log

Contains information on the agent that communicates with vCenter

Web access

Log all the files in the directory /var/log/vmware/webAccess/*.log
client.log, proxy.log, unitTest.log, viewhelper.log, objectMonitor.log, timer.log, updateThread.log

Records information on Web-based access to ESX
(service vmware-webAccess start on ESX host to enable this)

Authentication log

/var/log/secure

Contains records of connections that require authentication, such as VMware daemons and actions initiated by the xinetd.

Service Console

/var/log/messages

Contain all general log messages used to troubleshoot virtual machines or ESX

Virtual machines

The same directory as the affected virtual machine’s configuration files; named vmware.log and vmware‐*.log

/vmfs/volumes/<DS>/<VM>/vmware.log

/vmfs/volumes/<DS>/<VM>/vmware-*.log

Contain Virtual Machine Power Events, system crashes, Tools status and activity, Time Sync, Virtual Hardware changes, VMotion Migrations, Machine Clones,