Using syslog log markers from the ESXi command line

Article ID: 342571

Updated On: 10-03-2024

Products

VMware vSphere ESXi

Issue/Introduction

The purpose of this article is to explain the use of syslog log markers from the ESXi shell.

These can be used to isolate issues within log files, and to get a more accurate timestamp for when an issue occurs.


Environment

VMware vSphere ESXi 5.x
VMware vSphere ESXi 6.x
VMware vSphere ESXi 7.x
VMware vSphere ESXi 8.x

Resolution

Use this command to add a syslog marker:

esxcli system syslog mark --message=string

For example:

esxcli system syslog mark --message=marker

This log entry will be added:

YYYY-MM-DDT<time> mark: marker

To use a message that contains spaces, escape each space with a backslash, for example:

esxcli system syslog mark --message=marking\ logs\ here

This puts an entry into the following log files:
  • Xorg.log
  • auth.log
  • clomd.log
  • dhclient.log
  • epd.log
  • esxupdate.log
  • fdm.log
  • hostd-probe.log
  • hostd.log
  • hostprofiletrace.log
  • iofiltervpd.log
  • lacp.log
  • likewise.log
  • nfcd.log
  • osfsd.log
  • rabbitmqproxy.log
  • rhttpproxy.log
  • sdrsinjector.log
  • shell.log
  • storagerm.log
  • swapobjd.log
  • syslog.log
  • usb.log
  • vmauthd.log
  • vmkdevmgr.log
  • vmkernel.log
  • vmkeventd.log
  • vmksummary.log
  • vmkwarning.log
  • vobd.log
  • vprobe.log
  • vprobed.log
  • vpxa.log
  • vsanvpd.log
  • vvold.log

To get as accurate a timestamp as possible, surround a task with syslog markers. The syntax for this is:

esxcli system syslog mark --message=first\ string\ here ; task_here ; esxcli system syslog mark --message=second\ string\ here

For example, to mark the logs that are created during a virtual machine power on:

esxcli system syslog mark --message=begin\ marking\ logs ; vim-cmd vmsvc/power.on 11 ; esxcli system syslog mark --message=finish\ marking\ logs

To review only the section of the log file between the two syslog markers, use this command:

sed -n '/first\ string\ here/,/second\ string\ here/p' logname

For example:

sed -n '/begin\ marking\ logs/,/finish\ marking\ logs/p' /var/log/vmkernel.log

YYYY-MM-DDT<time> mark: begin marking logs
YYYY-MM-DDT<time> cpu1:8274629)World: vm 8274630: 1646: Starting world vmm0:virtualmachine1 of type 8
YYYY-MM-DDT<time> cpu1:8274629)Sched: vm 8274630: 6485: Adding world 'vmm0:virtualmachine1', group 'host/user'
YYYY-MM-DDT<time> cpu1:8274629)Sched: vm 8274630: 6500: renamed group 54968557 to vm.8274629
YYYY-MM-DDT<time> cpu1:8274629)Sched: vm 8274630: 6517: group 54968557 is located under group 4
YYYY-MM-DDT<time> cpu1:8274629)MemSched: vm 8274629: 8113: extended swap to 48442 pgs
YYYY-MM-DDT<time> cpu0:8274629)VSCSI: 4011: handle 8196(vscsi0:0):Creating Virtual Device for world 8274630
YYYY-MM-DDT<time> cpu1:8274630)VMMVMKCall: 235: Received INIT from world 8274630
YYYY-MM-DDT<time> cpu1:8274630)LSI: 1755: LSI: Initialized rings for scsi0 async=1, record=0 replay=0
YYYY-MM-DDT<time> cpu0:8274635)Net: 2444: connected virtualmachine1.eth0 eth0 to vDS, portID 0x6000008
YYYY-MM-DDT<time> cpu0:8274635)Net: 3135: associated dvPort 2 with portID 0x6000008
YYYY-MM-DDT<time> cpu0:8274635)NetPort: 3090: resuming traffic on DV port 2
YYYY-MM-DDT<time> mark: finish marking logs
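
The sed range above prints every section when the same marker text has been used more than once, and prints through to the end of the file when the closing marker was never written. The following is an added example, not part of the original article: it wraps the mark/task/mark sequence and extracts only the most recent complete section. The function names, the tag format and the sample log lines are hypothetical, and it assumes awk is available in the shell.

```shell
# Added example, not from the original article. Sample log lines are constructed.

# run_marked TAG CMD [ARGS...]: bracket CMD with "<TAG> begin" / "<TAG> end" markers.
# Quoting the message replaces the backslash-escaped spaces. Choose a TAG that is
# unique per run (for example, include a ticket number) so sections do not collide.
run_marked() {
    tag=$1; shift
    esxcli system syslog mark --message="$tag begin"
    "$@"; rc=$?
    esxcli system syslog mark --message="$tag end"   # written even if CMD failed
    return "$rc"
}

# extract_marked BEGIN END FILE: print the most recent complete BEGIN..END section.
# Returns 1 with no output when no complete pair exists. Markers are matched as
# literal text after "mark: " (the entry format shown above), not as regexes.
extract_marked() {
    MARK_B="mark: $1" MARK_E="mark: $2" awk '
        BEGIN { b = ENVIRON["MARK_B"]; e = ENVIRON["MARK_E"] }
        index($0, b) { buf = $0; inside = 1; next }      # restart at each begin marker
        inside {
            buf = buf "\n" $0
            if (index($0, e)) { last = buf; found = 1; inside = 0 }
        }
        END { if (!found) exit 1; print last }
    ' "$3"
}

# Constructed sample: the vm11 tag is used twice, the vm12 section has no end marker.
sample_log() {
    cat <<'EOF'
2024-01-01T10:00:00Z mark: vm11-poweron begin
2024-01-01T10:00:01Z cpu1:1001)World: first attempt
2024-01-01T10:00:02Z mark: vm11-poweron end
2024-01-01T10:05:00Z cpu0:1002)Net: unrelated line
2024-01-01T10:10:00Z mark: vm11-poweron begin
2024-01-01T10:10:01Z cpu1:1003)World: second attempt
2024-01-01T10:10:02Z mark: vm11-poweron end
2024-01-01T10:20:00Z mark: vm12-poweron begin
2024-01-01T10:20:01Z cpu1:1004)World: no end marker follows
EOF
}
```

For the power-on example above, the call would be run_marked vm11-poweron vim-cmd vmsvc/power.on 11, followed by extract_marked "vm11-poweron begin" "vm11-poweron end" /var/log/vmkernel.log.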


Additional Information