VmHostd Log Monitor Test

The VmHostdLogTest monitors the ESX Server host agent log file to which the activities of the agent that configures and manages the ESX server host and its virtual machines are logged. The test scans the log file for entries matching configured patterns, and alerts administrators whenever such entries are found in the log file.

Target of the test : An ESX server host

Agent deploying the test : A remote agent

Outputs of the test : One set of results for every log file pattern configured for monitoring

Configurable parameters for the test
  1. Test period - How often should the test be executed
  2. Host - The host for which the test is to be configured.
  3. port - The port at which the specified host listens. By default, this is NULL.
  4. esx user and esx password - To enable this test to read the log file and report metrics, the test should be configured with an ESX USER and ESX PASSWORD.

    If the metrics are to be collected by directly connecting to the ESX server in question (i.e., if the VIRTUAL CENTER parameter is set to none), then a user with Administrator privileges to the target ESX server can be set as the ESX USER. However, if, owing to security constraints, you cannot expose the credentials of the Administrator, then you can create a special role for this purpose in the ESX server, and grant the Diagnostics permission to this role. You can then add a new user to the ESX server, and assign the newly created role to that user. The detailed procedure for accomplishing this task is available inConfiguring a Special Role and User on the ESX Server for Log Monitoring section.

    On the other hand, if the test needs to connect to vCenter for collecting the log-file related metrics (i.e., if the IP address of vCenter is specified against the VIRTUAL CENTER parameter), then a user with Administrator privileges to vCenter must be set as the ESX USER. Here again, if you cannot expose the credentials of the Administrator due to security restrictions imposed by your environment, then, you can create a special role in vCenter, grant Diagnostics permission to this role, and then assign this role to a local/domain user to vCenter. The credentials of this user can then be passed to the ESX USER and ESX PASSWORD parameters. The steps for creating such a role in vCenter and assigning the role to a local/domain user are documented in Configuring a Special Role and User on the ESX Server for Log Monitoring section.

  5. confirm password - Confirm the password by retyping it here.
  6. ssl - By default, the ESX server is SSL-enabled. Accordingly, the SSL flag is set to Yes by default. This indicates that the eG agent will communicate with the ESX server via HTTPS by default.

    Like the ESX sever, the vCenter is also SSL-enabled by default. If you have chosen to use the vCenter for monitoring, then you have to set the SSL flag to Yes.

  7. webport - By default, in most virtualized environments, the vSphere/ESX server and vCenter listen on port 80 (if not SSL-enabled) or on port 443 (if SSL-enabled). This implies that while monitoring an SSL-enabled vSphere/ESX server directly, the eG agent, by default, connects to port 443 of the vSphere/ESX server to pull out metrics, and while monitoring a non-SSL-enabled server, the eG agent connects to port 80. Similarly, while monitoring a vSphere/ESX server via an SSL-enabled vCenter, the eG agent connects to port 443 of vCenter to pull out the metrics, and while monitoring via a non-SSL-enabled vCenter, the eG agent connects to port 80 of vCenter. 

    Accordingly, the webport parameter is set to 80 or 443 depending upon the status of the ssl flag.  In some environments however, the default ports 80 or 443 might not apply. In such a case, against the webport parameter, you can specify the exact port at which the vSphere/ESX server or vCenter in your environment listens so that the eG agent communicates with that port.

  8. VIRTUAL CENTER - If the eG manager had discovered the target ESX server by connecting to vCenter, then the IP address of the vCenter server used for discovering this ESX server would be automatically displayed against the vIRTUAL center parameter; similarly, the esx user and esx password text boxes will be automatically populated with the vCenter user credentials, using which ESX discovery was performed.

    If this ESX server has not been discovered using vCenter, but you still want to monitor the ESX server via vCenter, then select the IP address of the vCenter host that you wish to use for monitoring the ESX server from the vIRTUAL center list. By default, this list is populated with the IP address of all vCenter hosts that were added to the eG Enterprise system at the time of discovery. Upon selection, the esx user and esx password that were pre-configured for that vCenter server will be automatically displayed against the respective text boxes.

    On the other hand, if the IP address of the vCenter server of interest to you is not available in the list, then, you can add the details of the vCenter server on-the-fly, by selecting the Other option from the vIRTUAL center list. This will invoke the add vcenter server details page. Refer to Adding the Details of a vCenter Server for VM Discovery section to know how to add a vCenter server using this page. Once the vCenter server is added, its IP address, esx user, and esx password will be displayed against the corresponding text boxes.

    On the other hand, if you want the eG agent to behave in the default manner -i.e., communicate with each ESX server for monitoring it - then set the VIRTUAL CENTER parameter to ‘none’. In this case, the ESX USER and ESX PASSWORD parameters can be configured with the credentials of a user who has at least ‘Read-only’ privileges to the target ESX server.

  9. hostd patterns - In the HOSTD PATTERNS text box, specify the pattern to search for in the log file in the following format: <PatternName>:<Pattern>, where <PatternName> is the pattern name that will be displayed in the monitor interface and <Pattern> is an expression of the form - expr or expr or expr or expr, etc. A leading ‘*’ signifies any number of leading characters, while a trailing ‘*’ signifies any number of trailing characters.

    For example, say you specify VM:VM-* in the HOSTD PATTERNS text box. This indicates that “VMis the pattern name that will be displayed as a descriptor of this test in the monitor interface. VM-* indicates that the test will monitor only those lines in the log file which start with the term VM-“. Similarly, if your pattern specification reads: offline:*offline, then it means that the pattern name is offline and that the test will monitor those lines in the log which end with the term offline.  

    Multiple search patterns can be specified as a comma-separated list. For example: VM:VM-*,offline:*offline*,online:*online. If you want to monitor all the entries in the log file, your specification would be all:all.

  10. ignore hostd lines - In the IGNORE HOSTD LINES text box, specify the pattern of entries that is to be excluded from monitoring. For example, if you want the test to disregard those entries which begin with the term VM, then specify VM* in the IGNORE HOSTD LINES text box. Multiple search patterns can be specified as a comma-separated list. For example, VM*,*VM. A leading ‘*’ signifies any number of leading characters, while a trailing ‘*’ signifies any number of trailing characters. If no lines are to be ignored, then enter none here. If you want to ignore all the lines in the log file, your specification would be all:all.
  11. dd frequency - Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD FREQUENCY.

  12. DETAILED DIAGNOSIS – To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

    The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

    • The eG manager license should allow the detailed diagnosis capability
    • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

New entries

Indicates the number of new entries in the ESX server host agent log that match the configured patterns.

Number

The detailed diagnosis of this measure, if enabled, provides the details of these entries.

Configuring a Special Role and User on the ESX Server for Log Monitoring

If the eG agent has been configured to directly connect to the target ESX server for reading the log files - i.e., if the vCenter parameter of all the log tests is set to none - then, to remotely monitor the log files on an ESX server, the eG agent requires Administrator privileges to the ESX server in question. In other words, the esx user and esx password parameters of the log test should contain the login credentials of a user with Administrator rights to the ESX server. However, if, owing to security constraints, you cannot expose the credentials of the Administrator, then you can create a special role for this purpose in the ESX server, and grant the Diagnostics permission to this role. You can then add a new user to the ESX server, and assign the newly created role to that user. The procedure for achieving this is detailed below:

  1. Login to a system on which the VMware Infrastructure Client is installed.
  2. Double-click on the VMware Infrastructure Client icon on your desktop.
  3. Figure 1 then appears. To connect to an ESX server, select the IP address / Name of the ESX server, and then provide the login information. To grant access permissions to a user, you will have to login to vCenter as an administrator. Therefore, provide the User name and Password of the administrator in Figure 1.

    Figure 1 : Connecting to vCenter

  4. When the Virtual Infrastructure Client opens, click on the Administration icon indicated by Figure 2.

    Figure 2 : Clicking on the Administration icon

  5. The Roles tab page opens by default, revealing the roles that pre-exist on the ESX server (see Figure 3).

    Figure 3 : Viewing the roles available on the ESX server

  6. To create a special role, right-click anywhere within Figure 3, and select Add from the shortcut menu that appears.
  7. Figure 4 then appears wherein you need to Enter Name of the new role. Since the role requires Diagnostics privileges, expand the Global node in Figure 4, and select the Diagnostics check box under it.

    Figure 4 : Creating a new role and assigning Diagnostics privilege to it

  8. Then, click the ok button in Figure 4 to save the changes.
  9. Figure 5 then appears listing the newly created role.  Once the role is created, proceed to assign the role to a local/domain user to vCenter. The first step towards achieving this is to click on the Inventory icon indicated by Figure 5.

    Figure 5 : The Roles tab page listing the newly created role

  10. Figure 6 then appears. To create a new user on the ESX server, click on the Users & Groups tab page in the right panel of Figure 6.

    Figure 6 : Details of users to the ESX server

  11. When the Users & Groups tab page opens, right-click anywhere within the tab page, and pick the Add option from the shortcut menu that appears (see Figure 6). Figure 7 then opens, using which you can create a new user.

    Figure 7 : Creating a new user

  12. To add the new user details, click the ok button in Figure 7.
  13. Next, to assign Diagnostics permission to the newly created user, click on the Permissions tab page in the right panel of Figure 7. Figure 8 then appears.

    Figure 8 : The Permissions tab page

  14. To map the new role that we created with the new user, first, right-click anywhere within the Permissions tab page of Figure 8, and then pick the Add Permission option from the shortcut menu (see Figure 9).

    Figure 9 : Adding a permission

  15. From the Assigned Role section of Figure 10 that appears, select the newly created role. Since no users have been assigned this role yet, the Users and Groups section of Figure 10 will appear empty. To map this role to the new user, click the Add button in Figure 10.

    Figure 10 : Selecting the role to be assigned to the new user

  16. Figure 11 that then appears allows you to select a local/domain user. Since the user we created is local to the ESX server, just select <servers> from the Domain list. All valid users to the ESX server will then be listed in the Users and Groups section in Figure 11. Select the one that you just created from this list (see Figure 11).

    Figure 11 : Selecting the newly created user

  17. Then, click the Add button in Figure 11. The chosen user will then be added to the Users box as depicted by Figure 12.

    Figure 12 : Adding the chosen user

  18. Next, click the ok button in Figure 12. Figure 13 then appears displaying the user that you added previously, in the Users and Groups section.

    Figure 13 : Assigning the Diagnostics role to a chosen user

  19. Finally, click the ok button.

Configuring a Special Role on vCenter for Log File Monitoring, and Assigning the Role to a Local/Domain User

If the eG agent has been configured to connect to vCenter for monitoring the ESX log files - i.e., if the vCenter parameter of the log tests is set to the IP address of vCenter - then, to obtain a remote connection to vCenter, the eG agent requires Administrator privileges to vCenter. In other words, the esx user and esx password parameters of the log test should contain the login credentials of a user with Administrator rights to vCenter. However, if, owing to security constraints, you cannot expose the credentials of the Administrator, then you can create a special role for this purpose in vCenter, and grant the Diagnostics permission to this role. You can then assign the newly created role to a local/domain user on vCenter. The procedure for achieving this is detailed below:

  1. Login to a system on which the VMware Infrastructure Client is installed.
  2. Double-click on the VMware Infrastructure Client icon on your desktop.
  3. Figure 14 then appears. To connect to the vCenter, select the IP address / Name of the vCenter, and then provide the login information. To grant access permissions to a user, you will have to login to vCenter as an administrator. Therefore, provide the User name and Password of the administrator in Figure 14.

    Figure 14 : Connecting to vCenter

  4. Figure 15 then appears. Click on the Administration icon indicated by Figure 15.

    Figure 15 : The VMware Infrastructure Client console

  5. Doing so opens the Roles tab page by default. This lists all the existing user roles on vCenter. To create a new role, click on the Add Role button indicated by Figure 16.

    Figure 16 : Adding a new role

  6. In Figure 17 that then appears, Enter Name of the new role. Then, grant permissions to the new role by first expanding the Global node of the tree structure in the Privileges section of Figure 17. To grant the Diagnostics permission to the new role, select the check box corresponding to Diagnostics in Figure 17. Then, click the ok button.

    Figure 17 : Providing the details of the new role

  7. You will then return to Figure 15. Next, click on the Inventory icon indicated by Figure 18 to switch to Figure 19. Click on the Hosts & Clusters node in the tree-structure in the left panel of Figure 19, and then click on the Permissions tab page in the right panel. This tab page lists the local/domain users to vCenter and the roles currently assigned to them.

    Figure 18 : The Permissions tab page

  8. To assign the newly created role to one of the listed users, right-click anywhere in the empty, white space in the right panel, and select the Add Permission option from the shortcut menu that appears.

    Figure 19 : Selecting the Add Permission option

  9. Figure 20 then appears. To choose the user who is to be assigned the new role, click the Add button in Figure 20.

    Figure 20 : Adding a user

  10. This will open Figure 21. If you want to assign the new role to a domain user, select the Domain, and then select the user from the Users and Groups list. If you want to assign the new role to a local user, select (server) from the Domain list, and then select a user from the Users and Groups list.
  11. Either way, to add the user, click on the Add button in Figure 21. This will add the chosen user to the Users box. Then, click the ok button in Figure 21.

    Figure 21 : Selecting a local/domain user

  12. When you return to Figure 20, you will find that the local/domain user you selected from Figure 21 is displayed in the Users and Groups section (see Figure 22).

    Figure 22 : Assign the newly created role to the user

  13. To assign the newly created role to this user, select the user displayed in the Users and Groups section in Figure 22, pick the newly created role from the Assigned Role section, and then, click the ok button in Figure 22.
  14. Figure 23 then appears displaying the user-role mapping

Figure 23 : The Permissions tab page displaying the chosen user and the role assigned to him/her