Filtering logs in VMware vSphere ESXi

Article ID: 320793

Products

VMware vSphere ESXi

Issue/Introduction

VMware vSphere ESXi 6.0 introduced the ability to filter or exclude logging expressions from the system logs. This article provides information on filtering or excluding specific logging expressions from the system logs. This process is useful for removing trivial or informational logging events from the system logs.

Environment

VMware ESXi 6.7.x
VMware ESXi 6.0.x
VMware ESXi 6.5.x

Resolution

Caution: VMware does not recommend reducing logging as it may make it impossible to properly troubleshoot potential future issues.
 
To enable log filtering and exclude a log expression:
  1. Log in to the VMware vSphere ESXi 6.0 host as root via console or SSH.
  2. Run this command to save the original vmsyslog.conf:

    cp /etc/vmsyslog.conf /etc/vmsyslog.orig
     
  3. Using a text editor, open the /etc/vmsyslog.conf file and add the line:

    enable_logfilters = true
     
  4. Save the file.
  5. Using a text editor, open the /etc/vmware/logfilters file and add the log expression to exclude using the format:

    numLogs | ident | logRegexp

    Values:

    numLogs - This value is the number of times the log entry can appear before it is filtered and excluded from system logs.

    Note: Setting this value to zero suppresses the defined expression from the system logs. Values greater than zero suppress the defined expression when it is repeated in close proximity within the system logs.

    ident - This value is used to identify the originating location of the log expression. For more information, see the /etc/vmsyslog.conf.d/*.conf files for all available values.
    logRegexp - This value defines the log expression to exclude and must conform to Python regular expression syntax.

    Example:

    Some rescan commands for local storage devices will report a SCSI log expression in the vmkernel.log that can be safely filtered.

    Below is an example of the logfilters file including these expressions:

    0 | vmkernel | 0x1a.* H:0x0 D:0x2 P:0x0 Valid sense data: 0x5 0x2[04] 0x0
    0 | vmkernel | 0x85.* H:0x0 D:0x2 P:0x0 Valid sense data: 0x5 0x20 0x0
    0 | vmkernel | 0x12.* H:0x0 D:0x2 P:0x0 Valid sense data: 0x5 0x24 0x0
    0 | vmkernel | 0x9e.* H:0x0 D:0x2 P:0x0 Valid sense data: 0x5 0x20 0x0
    0 | vmkernel | bad CDB .* scsi_op=0x9e
    0 | vmkernel | 0x4d.* H:0x0 D:0x2 P:0x0 Valid sense data: 0x5 0x20 0x0

     
  6. Save the file.
  7. Run this command to reload the syslog service and apply the log filter:

    esxcli system syslog reload
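
A dry run for the filter format above, as an added example (not VMware's code): it parses `numLogs | ident | logRegexp` entries, reports malformed lines, regexes that do not compile and patterns broad enough to match every message, and lists which sample records a `numLogs` 0 entry would drop. The matching semantics (exact `ident` comparison, `re.search`, whitespace trimmed around fields) are assumptions, and the filter text and log records are constructed.

```python
import re

# Constructed policy text in the article's "numLogs | ident | logRegexp" format.
# The entries on lines 4 and 5 of this text are deliberately bad.
SAMPLE_FILTERS = r"""
0 | vmkernel | 0x1a.* H:0x0 D:0x2 P:0x0 Valid sense data: 0x5 0x2[04] 0x0
0 | vmkernel | bad CDB .* scsi_op=0x9e
0 | hostd | .*
0 | vmkernel | 0x85(.* H:0x0
"""

# Constructed (ident, message) records; not captured from a real host.
SAMPLE_RECORDS = [
    ("vmkernel", "Cmd(0x1) 0x1a, CmdSN 0x2 failed H:0x0 D:0x2 P:0x0 Valid sense data: 0x5 0x24 0x0"),
    ("vmkernel", "Cmd(0x3) 0x1a, CmdSN 0x4 failed H:0x0 D:0x2 P:0x0 Valid sense data: 0x3 0x11 0x0"),
    ("vmkernel", "bad CDB len=16 scsi_op=0x9e"),
    ("vobd", "bad CDB len=16 scsi_op=0x9e"),
]

def parse_logfilters(text):
    """Return (filters, problems); filters are (numLogs, ident, compiled regex)."""
    filters, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        # Split on the first two pipes only, so "|" alternation in the regex survives.
        parts = [p.strip() for p in raw.split("|", 2)]
        if len(parts) != 3 or not parts[0].isdigit() or not parts[1]:
            problems.append((lineno, "expected: numLogs | ident | logRegexp"))
            continue
        try:
            rx = re.compile(parts[2])
        except re.error as exc:
            problems.append((lineno, f"invalid regex: {exc}"))
            continue
        if rx.search(""):  # a pattern that matches the empty string matches anything
            problems.append((lineno, f"matches every {parts[1]} message"))
        filters.append((int(parts[0]), parts[1], rx))
    return filters, problems

def fully_suppressed(filters, records):
    """Records a numLogs=0 filter would drop (assumes exact ident, re.search)."""
    return [(ident, msg) for ident, msg in records
            if any(n == 0 and ident == f_ident and rx.search(msg)
                   for n, f_ident, rx in filters)]

if __name__ == "__main__":
    filters, problems = parse_logfilters(SAMPLE_FILTERS)
    print(problems, fully_suppressed(filters, SAMPLE_RECORDS), sep="\n")
```

Running it against a copy of `/etc/vmware/logfilters` and a sample of recent log lines before reloading syslog shows whether an entry drops more than the intended noise.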


Additional Information

For filtering of logs in 7.0U2 and later, see the Configure Log Filtering on ESXi Hosts section in the About VMware ESXi Installation and Setup guide.
