Search the VMware Knowledge Base (KB)
Products:
View by Article ID

Using syslog log markers from the ESXi command line (2146535)

  • 18 Ratings

Purpose

The purpose of this article is to explain the use of syslog log markers from the ESXi shell.

These can be used to isolate issues within log files, and to get a more accurate timestamp for when an issue occurs.

Resolution

use this command to add a syslog markers is:

esxcli system syslog mark --message=string

For example:

esxcli system syslog mark --message=marker

This log entry will be added:

YYYY-MM-DDT<TIME> mark: marker

To use multiple strings, escape any spaces with a backslash, for example:

esxcli system syslog mark --message=marking\ logs\ here

This puts an entry into the following log files:
  • Xorg.log
  • auth.log
  • clomd.log
  • dhclient.log
  • epd.log
  • esxupdate.log
  • fdm.log
  • hostd-probe.log
  • hostd.log
  • hostprofiletrace.log
  • iofiltervpd.log
  • lacp.log
  • likewise.log
  • nfcd.log
  • osfsd.log
  • rabbitmqproxy.log
  • rhttpproxy.log
  • sdrsinjector.log
  • shell.log
  • storagerm.log
  • swapobjd.log
  • syslog.log
  • usb.log
  • vmauthd.log
  • vmkdevmgr.log
  • vmkernel.log
  • vmkeventd.log
  • vmksummary.log
  • vmkwarning.log
  • vobd.log
  • vprobe.log
  • vprobed.log
  • vpxa.log
  • vsanvpd.log
  • vvold.log
Use this syntax to surround a task with syslog markers to get as accurate a timestamp as possible:

The syntax for this is:

esxcli system syslog mark --message=first\ string\ here ; task_here ; esxcli system syslog mark --message=second\ string\ here

For example marking the logs that are created durring a virtual machine power on:

esxcli system syslog mark --message=begin\ marking\ logs ; vim-cmd vmsvc/power.on 11 ; esxcli system syslog mark --message=finish\ marking\ logs

To review only the section of the log file between the 2 syslog markers, use this command:

sed -n '/first\ string\ here/,/second\ string\ here/p' logname

For example:

sed -n '/begin\ marking\ logs/,/finish\ marking\ logs/p' /var/log/vmkernel.log

YYYY-MM-DDT<TIME> mark: begin marking logs
YYYY-MM-DDT<TIME> cpu1:8274629)World: vm 8274630: 1646: Starting world vmm0:virtualmachine1 of type 8
YYYY-MM-DDT<TIME> cpu1:8274629)Sched: vm 8274630: 6485: Adding world 'vmm0:virtualmachine1', group 'host/user'
YYYY-MM-DDT<TIME> cpu1:8274629)Sched: vm 8274630: 6500: renamed group 54968557 to vm.8274629
YYYY-MM-DDT<TIME> cpu1:8274629)Sched: vm 8274630: 6517: group 54968557 is located under group 4
YYYY-MM-DDT<TIME> cpu1:8274629)MemSched: vm 8274629: 8113: extended swap to 48442 pgs
YYYY-MM-DDT<TIME> cpu0:8274629)VSCSI: 4011: handle 8196(vscsi0:0):Creating Virtual Device for world 8274630
YYYY-MM-DDT<TIME> cpu1:8274630)VMMVMKCall: 235: Received INIT from world 8274630
YYYY-MM-DDT<TIME> cpu1:8274630)LSI: 1755: LSI: Initialized rings for scsi0 async=1, record=0 replay=0
YYYY-MM-DDT<TIME> cpu0:8274635)Net: 2444: connected virtualmachine1.eth0 eth0 to vDS, portID 0x6000008
YYYY-MM-DDT<TIME> cpu0:8274635)Net: 3135: associated dvPort 2 with portID 0x6000008
YYYY-MM-DDT<TIME> cpu0:8274635)NetPort: 3090: resuming traffic on DV port 2
YYYY-MM-DDT<TIME> mark: finish marking logs

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 18 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 18 Ratings
Actions
KB: