use this command to add a syslog markers is:
esxcli system syslog mark --message=string
For example:
esxcli system syslog mark --message=marker
This log entry will be added:
YYYY-MM-DDT<time> mark: marker</time>
To use multiple strings, escape any spaces with a backslash, for example:
esxcli system syslog mark --message=marking\ logs\ here
This puts an entry into the following log files:
- Xorg.log
- auth.log
- clomd.log
- dhclient.log
- epd.log
- esxupdate.log
- fdm.log
- hostd-probe.log
- hostd.log
- hostprofiletrace.log
- iofiltervpd.log
- lacp.log
- likewise.log
- nfcd.log
- osfsd.log
- rabbitmqproxy.log
- rhttpproxy.log
- sdrsinjector.log
- shell.log
- storagerm.log
- swapobjd.log
- syslog.log
- usb.log
- vmauthd.log
- vmkdevmgr.log
- vmkernel.log
- vmkeventd.log
- vmksummary.log
- vmkwarning.log
- vobd.log
- vprobe.log
- vprobed.log
- vpxa.log
- vsanvpd.log
- vvold.log
Use this syntax to surround a task with syslog markers to get as accurate a timestamp as possible:
The syntax for this is:
esxcli system syslog mark --message=first\ string\ here ; task_here ; esxcli system syslog mark --message=second\ string\ here
For example marking the logs that are created durring a virtual machine power on:
esxcli system syslog mark --message=begin\ marking\ logs ; vim-cmd vmsvc/power.on 11 ; esxcli system syslog mark --message=finish\ marking\ logs
To review only the section of the log file between the 2 syslog markers, use this command:
sed -n '/first\ string\ here/,/second\ string\ here/p' logname
For example:
sed -n '/begin\ marking\ logs/,/finish\ marking\ logs/p' /var/log/vmkernel.log
YYYY-MM-DDT<time> mark: begin marking logs</time>
YYYY-MM-DDT<time> cpu1:8274629)World: vm 8274630: 1646: Starting world vmm0:virtualmachine1 of type 8</time>
YYYY-MM-DDT<time> cpu1:8274629)Sched: vm 8274630: 6485: Adding world 'vmm0:virtualmachine1', group 'host/user'</time>
YYYY-MM-DDT<time> cpu1:8274629)Sched: vm 8274630: 6500: renamed group 54968557 to vm.8274629</time>
YYYY-MM-DDT<time> cpu1:8274629)Sched: vm 8274630: 6517: group 54968557 is located under group 4</time>
YYYY-MM-DDT<time> cpu1:8274629)MemSched: vm 8274629: 8113: extended swap to 48442 pgs</time>
YYYY-MM-DDT<time> cpu0:8274629)VSCSI: 4011: handle 8196(vscsi0:0):Creating Virtual Device for world 8274630</time>
YYYY-MM-DDT<time> cpu1:8274630)VMMVMKCall: 235: Received INIT from world 8274630</time>
YYYY-MM-DDT<time> cpu1:8274630)LSI: 1755: LSI: Initialized rings for scsi0 async=1, record=0 replay=0</time>
YYYY-MM-DDT<time> cpu0:8274635)Net: 2444: connected virtualmachine1.eth0 eth0 to vDS, portID 0x6000008</time>
YYYY-MM-DDT<time> cpu0:8274635)Net: 3135: associated dvPort 2 with portID 0x6000008</time>
YYYY-MM-DDT<time> cpu0:8274635)NetPort: 3090: resuming traffic on DV port 2</time>
YYYY-MM-DDT<time> mark: finish marking logs</time>