DFW logs are not being forwarded to syslog server from Aria Operations for Logs
Article ID: 433765
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
- In the Operations for Logs UI, Explore Logs section, creating a filter "hostname" "contains" "<ESXi Hostname>" shows logs other than DFW logs are arriving as expected from the same ESXi hosts.
- Log forwarders are configured to forward DFW logs to a remote syslog server. It has been noticed that logs are no longer arriving from certain hosts at the remote syslog server.
- On the ESXi host in question, the file
/var/log/dfwpktlogs.logis no longer being written to.
Environment
Aria Operations for Logs 8.18.x
Cause
No VMs currently running on the ESXi host.
Resolution
It is expected that if there are no VMs running on the host that /var/log/dfwpktlogs.log will not be written to.
Move running VMs to the ESXi host and verify that /var/log/dfwpktlogs.log is then being written to and these logs then arrive in Aria Operations for Logs
Additional Information
- To confirm that VMs are running on an ESXi host, it can be verified from the vCenter / ESXi UI
- Or with the following command on the ESXi host:
esxcli system syslog config get - It can also be verified in an ESXi support bundle by checking the file:
commands/localcli_vm-process-list.txt
Feedback
Yes
No
Powered by
