Log Path and Sample Message


NSX Troubleshooting Guide, VMware, Inc.

The thin agent consists of the GI drivers vsepflt.sys, vnetflt.sys, and vnetwfp.sys (Windows 10 and later).

The thin agent logs are on the ESXi host, as part of the vCenter Log Bundle. The log path is:

    /vmfs/volumes/<datastore>/<vmname>/vmware.log

For example:

    /vmfs/volumes/5978d759-56c31014-53b6-1866abaace386/Windows10-(64-bit)/vmware.log

Thin agent messages follow the format <timestamp> <VM Name><Process Name><[PID]>: <message>. In the log example below, Guest: vnet or Guest: vsep indicates log messages related to the respective GI drivers, followed by debug messages.

For example:

    2017-10-17T14:25:19.877Z| vcpu-0| I125: Guest: vnet: AUDIT: DriverEntry : vnetFilter build-4325502 loaded
    2017-10-17T14:25:20.282Z| vcpu-0| I125: Guest: vsep: AUDIT: VFileSocketMgrConnectHelper : Mux is connected
    2017-10-17T14:25:20.375Z| vcpu-0| I125: Guest: vsep: AUDIT: DriverEntry : vfileFilter build-4286645 loaded
    2017-10-17T18:22:35.924Z| vcpu-0| I125: Guest: vsep: AUDIT: VFileSocketMgrConnectHelper : Mux is connected
    2017-10-17T18:24:05.258Z| vcpu-0| I125: Guest: vsep: AUDIT: VFileFltPostOpCreate : File (\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask) in a transaction, ignore

Example: Enabling vShield Guest Introspection Thin Agent Driver Logging

Because the debug setting can flood the vmware.log file to the point that it throttles, we recommend you disable the debug mode as soon as you have collected all the required information.

This procedure requires you to modify the Windows registry. Before you modify the registry, be sure to back up the registry. For more information on backing up and restoring the registry, see the Microsoft Knowledge Base article 136393.

To enable debug logging for the thin agent driver:

1 Click Start > Run. Enter regedit, and click OK. The Registry Editor window opens. For more information, see the Microsoft Knowledge Base article 256986.

2 Create this key using the registry editor: HKEY_LOCAL_Machine\SYSTEM\CurrentControlSet\services\vsepflt\parameters.

3 Under the newly created parameters key, create these DWORDs. Ensure that hexadecimal is selected when entering these values:

    Name: log_dest     Type: DWORD    Value: 0x2
    Name: log_level    Type: DWORD    Value: 0x10

  Other values for the log_level parameter:

    Audit    0x1
    Error    0x2
    Warn     0x4
    Info     0x8
    Debug    0x10

4 Open a command prompt as an administrator. Run these commands to unload and reload the vShield Endpoint filesystem mini driver:

    fltmc unload vsepflt
    fltmc load vsepflt

You can find the log entries in the vmware.log file located in the virtual machine.

Enabling vShield GI Network Introspection Driver Logging

Because the debug setting can flood the vmware.log file to the point that it throttles, we recommend you disable the debug mode as soon as you have collected all the required information.

This procedure requires you to modify the Windows registry. Before you modify the registry, be sure to back up the registry. For more information on backing up and restoring the registry, see the Microsoft Knowledge Base article 136393.
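The thin agent sample messages shown earlier on this page can be separated from the rest of a busy vmware.log to confirm that both GI drivers loaded and that vsep reached the Mux. This is an added example, not VMware code: the field layout is inferred from the sample lines only, and the names parse_line and summarize are hypothetical.

```python
import re
from collections import Counter

# Thin agent lines are copied from the excerpt on this page; the "vmx" line is
# constructed to stand in for unrelated vmware.log traffic.
SAMPLE = r"""2017-10-17T14:25:18.000Z| vmx| I125: constructed unrelated line
2017-10-17T14:25:19.877Z| vcpu-0| I125: Guest: vnet: AUDIT: DriverEntry : vnetFilter build-4325502 loaded
2017-10-17T14:25:20.282Z| vcpu-0| I125: Guest: vsep: AUDIT: VFileSocketMgrConnectHelper : Mux is connected
2017-10-17T14:25:20.375Z| vcpu-0| I125: Guest: vsep: AUDIT: DriverEntry : vfileFilter build-4286645 loaded
2017-10-17T18:22:35.924Z| vcpu-0| I125: Guest: vsep: AUDIT: VFileSocketMgrConnectHelper : Mux is connected
2017-10-17T18:24:05.258Z| vcpu-0| I125: Guest: vsep: AUDIT: VFileFltPostOpCreate : File (\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask) in a transaction, ignore
"""

# Layout inferred from the sample lines only (an assumption, not a VMware spec):
# <timestamp>| <thread>| <code>: Guest: <driver>: <LEVEL>: <function> : <message>
LINE_RE = re.compile(
    r"^(?P<ts>\S+?)\|\s*(?P<thread>[^|]+?)\|\s*(?P<code>\w+):\s*Guest:\s*"
    r"(?P<driver>vnet|vsep):\s*(?P<level>[A-Z]+):\s*(?P<func>\w+)\s*:\s*(?P<msg>.*)$"
)
BUILD_RE = re.compile(r"^(?P<module>\w+) build-(?P<build>\d+) loaded$")


def parse_line(line):
    """Return the fields of a thin agent line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(text):
    """Collect driver builds, Mux connection times and per-driver counts."""
    builds, mux, counts = {}, [], Counter()
    for rec in filter(None, map(parse_line, text.splitlines())):
        counts[(rec["driver"], rec["level"])] += 1
        loaded = BUILD_RE.match(rec["msg"])
        if rec["func"] == "DriverEntry" and loaded:
            builds[rec["driver"]] = (loaded["module"], int(loaded["build"]))
        elif rec["msg"] == "Mux is connected":
            mux.append(rec["ts"])
    return {"builds": builds, "mux_connected": mux, "counts": dict(counts)}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

A driver missing from "builds", or an empty "mux_connected" list, is the first thing to check before raising log_level to Debug.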