Diagnostics Findings are derived from vCenter, ESXi, and vSAN events, properties, and product log data that help identify potential problems or informs you about existing issues in your environment.

As an infrastructure administrator, observing information from your environment and logs helps you identify or validate product issues and risks. The diagnostic findings provides information on a potential issue discovered within your environment and provides steps to remediate it.

Note: Findings for all the objects are displayed on the Diagnostics Findings page even if the object does not exist in your environment. This is due to the VMware Aria Operations global settings that retain historical objects.
For each finding, the following information is available:
Finding Category Description
Severity
  • Critical
  • Immediate
  • Warning
VMware Cloud Foundation Component
  • vCenter
  • ESXi Hosts
  • NSX
  • VMware Aria Operations
  • VMware Aria Automation
  • SDDC Manager
  • vSAN
Capability
  • vMotion
  • Snapshot
  • Workload Provisioning
  • Workload Domain Provisioning
  • DRS
  • HA
  • Others
Finding Type
  • Availability
  • Security
  • Operation Diagnostics
  • Pre-upgrade Check
  • Product Interoperability
Category
  • Management
  • Compute
  • Storage
  • Network
  • Security

Reviewing and Resolving Active Findings

The Active Findings page shows all the findings discovered within the last 24 hours.

To review active findings, from the left menu, click Diagnostics and then click View Details on the Overall Findings card.

In order to display findings, see Setting up Diagnostics for VMware Cloud Foundation and ensure you configured the same vCenter instance in VMware Aria Operations and VMware Aria Operations for Logs.

Finding Details

The Findings table below displays results based on the filters applied in the overview section. It includes the following information:
Option Description
Finding Displays an unique identifier for the finding.
Description Displays an explanation of the finding.
Severity Displays the severity of the finding according to the following criteria:
  • Critical: Finding that can cause possible data corruption, environmental outage, significant performance impact, or a moderate/important security vulnerability within your environment.
  • Immediate: Finding that requires an immediate attention impacting the functionality of your environment.
  • Warning: Findings that is an advanced notice of a potential issue that may result in loss of data or an error state within your environment.
Finding Type Displays the type of finding.
Refresh Type Displays whether a scan is automatically performed or the scan is invoked manually.
  • Auto: for property-based finding.
  • Manual: for log-based finding.
Check Last Run Displays the date and time of the last scan for the finding.
Affected Objects Displays the number of all objects (vCenter Server, ESXi hosts, virtual machines) impacted by a finding.
Last Observed For property-based findings, this is the date when the finding was first observed. This could be days, weeks or months ago. For log-based findings, this is the time when the finding was observed during the last 24-hour scan.

Click Manage Columns to choose which columns to display in the table.

To view more details about the specific finding, click the icon next to each finding.

A Finding description displays the summary, affected objects, and recommendation.

Recommendation: The action needed to resolve the finding.

Helpful Links: This includes Knowledge Base (KB) articles.

Refresh Findings

Refresh Findings allows you to perform real-time analysis using the product logs in your environment where the problem has occurred.

Log-based findings expire 36 hours after the issue was first detected in the logs whereas property-based findings are removed from the system as soon as the issue is resolved.
Note: Refresh Findings is not active if you have not configured VMware Aria Operations for Logs or if a log scan is in progress.

To analyze the log findings:

Prerequisites

  • Verify that you have installed VMware Aria Operations for Logs.
  • Verify that you have configured VMware Aria Operations for Logs in VMware Aria Operations.

Procedure

  1. On the Diagnostic Findings page, click Refresh Findings.
  2. Select the inventory on which you want to run the scan. To scan a product not displayed in the selection tree, click Run without selecting anything.
  3. Click Run.

    The findings are displayed in the Findings table.

Historical Findings

Historical Findings evaluate log-based findings for a specified time in the past.

As an infrastructure admin, you want to review historical findings to troubleshoot existing risks and vulnerabilities in your environment. Historical findings allow you to diagnose the root cause of the issues so that you can address similar issues more effectively and make an informed decision.

You can run only one historical finding at a time and retain only one set of historical findings. The scan results of a historical scan will overwrite the previous historical findings.

To access Historical Findings:

Prerequisites

  • Verify that you have installed VMware Aria Operations for Logs.
  • Verify that you have configured VMware Aria Operations for Logs in VMware Aria Operations.

Procedure

  1. On the Diagnostic Findings page, click Historical Findings > Generate Findings.
  2. Enter the Start Date, End Date, Start Time, and End Time.
    Note: Historical finding scan period should not exceed more than 48 hours.
  3. Select the inventory on which you want to run the scan. To scan a product not displayed in the selection tree, click Run without selecting anything.
  4. Click Run.

Results

All the historical findings are displayed on the Findings table.
Note:
  • If you upgrade your VMware Aria Operations to a different version, the start and end date time is not displayed on the Diagnostics Findings page.

Monitoring Security Advisories

VMware Security Advisories document remediation for security vulnerabilities that are reported in VMware products.

As an infrastructure admin, you must maintain security along with performance of your environment.

Diagnostics for VMware Cloud Foundation continually checks your environment for builds with known vulnerabilities. It identifies known vulnerabilities and displays them as findings so you can review and address them promptly.

To investigate security findings:

Procedure

  1. On the Diagnostics Findings page and click the icon next to each finding.
  2. Review the summary and affected objects.
  3. Click the Knowledge Base article to resolve the finding.