Multiple INFO and WARNING Alerts received for ESXis for Event burst of 'esx.audit.ssh.session.opened'

search cancel

Multiple INFO and WARNING Alerts received for ESXis for Event burst of 'esx.audit.ssh.session.opened'

book

Article ID: 409911

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Below details are found in logs,

vobd.log
yyyy-mm-ddThh:mm:ss.679Z:[GenericCorrelator] 7144316722583us: [vob. user. ssh. session. opened] SSH session was opened for '[email protected]'.
yyyy-mm-ddThh:mm:ss.679Z:[UserLevelCorrelator] 7144316722825us: [esx. audit. ssh. session. opened] SSH session was opened for '[email protected]'.
yyyy-mm-ddThh:mm:ss.735Z:[GenericCorrelator] 7144316949934us: [vob. user. ssh. session. closed] SSH session was closed for '[email protected]'.
yyyy-mm-ddThh:mm:ss.735Z:[UserLevelCorrelator] 7144316949934us: [vob. user. ssh. session. closed] SSH session was closed for '[email protected]'.
yyyy-mm-ddThh:mm:ss.735Z:[UserLevelCorrelator] 7144316950194us: [esx. audit. ssh. session. closed] SSH session was closed for '[email protected]'.
yyyy-mm-ddThh:mm:ss.967Z:[UserLevelCorrelator] 7144317171092us: [vob. user. ssh. session. opened] SSH session was opened for '[email protected]'.
yyyy-mm-ddThh:mm:ss.967Z:[GenericCorrelator] 7144317171092us: [vob.user. ssh. session. opened] SSH session was opened for '[email protected]'.
yyyy-mm-ddThh:mm:ss.967Z:[UserLevelCorrelator] 7144317171293us: [esx. audit. ssh. session. opened] SSH session was opened for '[email protected]'.
yyyy-mm-ddThh:mm:ss.034Z:[GenericCorrelator] 7144317413639us: [vob. user. ssh. session. closed] SSH session was closed for '[email protected]'.

Environment

ESXi 7.x

ESXi 8.x

Cause

ESXi is part of Nutanix Cluster.
IPs mentioned in above vobd logs belong to Nutanix CVMs(Controller VM).

Resolution

Contact Nutanix support to identify the large amount of SSH session requests getting generated.

Feedback

thumb_up Yes

thumb_down No