The log files that contain system messages are located in the VMware Cloud Director Availability virtual appliances.
Each VMware Cloud Director Availability service uses a separate log file, located in the following folders in the VMware Cloud Director Availability appliances.
| Service | Default Location | Description |
|---|---|---|
| Data Engine Service | /opt/vmware/h4/h4dm/log/h4dm*.log | Contains the Data Engine Service specific logs and security-related messages. |
| Replicator Service | /opt/vmware/h4/replicator/log/replicator.log | Contains application-specific logs and security-related messages. |
| /opt/vmware/h4/replicator/log/requests.log | When activated, contains HTTP request and response data like URL, response code, and timing entries. | |
| Manager Service | /opt/vmware/h4/manager/log/manager.log | Contains application-specific logs and security-related messages. |
| /opt/vmware/h4/manager/log/requests.log | When activated, contains HTTP request and response data like URL, response code, and timing entries. | |
| Cloud Service | /opt/vmware/h4/cloud/log/cloud.log | Contains applicationvmware/var/log/-specific logs security-related messages. |
| /opt/vmware/h4/cloud/log/requests.log | When activated, contains HTTP request and response data like URL, response code, and timing entries. | |
| Tunnel Service | /opt/vmware/h4/tunnel/log/tunnel.log | Contains entries with the source or destination IP and the source or destination port for newly established TCP connections to and from the Tunnel Service. |
| /opt/vmware/h4/tunnel/log/requests.log | When activated, contains HTTP request and response data like URL, response code, and timing entries. | |
| vSphere Replication Server | /var/log/vmware/hbrsrv.log | The log file of the HBR server. Useful for troubleshooting NFC errors other problems. |
| Upgrade log | /var/log/upgrade.log | Contains the upgrade log entries. |
Note:
- VMware Cloud Director Availability does not support installing of any packages, 3rd party software or, and changes in yum configuration files.
- The resources that relate to security operate with the required OS permissions and ownership. Do not attempt to change the ownership or permissions of these files.
Collected Logs Rotation
How many days are collected by default in the logs of VMware Cloud Director Availability:
The main log files for the
Cloud Service and the other services rotate due to their amount of logged data, not a static time interval, by first archiving then deleting the oldest archived copies by following these patterns for each of the logs:
- Maximum single log file size reaches 10 MB.
- Archived log file name: logname.yyyy-MM-dd.number.gz.
- Maximum number of archived log files reached 30.
- Total size of the archived logs reaches 140 MB.
Log Messages Related to Security
- Attempting to log in by using an incorrect password for the root user account of the appliance shows the following log output.
2019-10-22 08:48:29.949 WARN - [3c08455a-343d-46d8-a21b-beefcc0a93fa_9V] [https-jsse-nio-8046-exec-10] c.v.h.c.system.AppliancePasswordHelper : stderr: Unable to authenticate root. 2019-10-22 08:48:29.950 WARN - [3c08455a-343d-46d8-a21b-beefcc0a93fa_9V] [https-jsse-nio-8046-exec-10] c.v.h.c.system.AppliancePasswordHelper : Incorrect appliance password received! 2019-10-22 08:48:29.953 ERROR - [3c08455a-343d-46d8-a21b-beefcc0a93fa_9V] [https-jsse-nio-8046-exec-10] c.v.h4.common.config.SecurityConfig : An unauthorized POST request from 127.0.0.1 port 46406 to /sessions failed. org.springframework.security.authentication.BadCredentialsException: Login failed at com.vmware.spring.security.creds.generic.CredentialsAuthenticationProvider.authenticate(CredentialsAuthenticationProvider.java:84) at com.vmware.h4.cloud.security.VcloudCredentialsProvider.authenticate(VcloudCredentialsProvider.java:40) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175) at com.vmware.spring.security.creds.JsonCredentialsAuthenticationFilter.attemptAuthentication(JsonCredentialsAuthenticationFilter.java:140) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
- Attempting to log in from the Internet by using the root user account of the appliance shows the following log output.
2019-10-22 08:51:19.245 ERROR - [6d57eddb-a9d7-4f85-8fec-98503d912c7e_JK] [https-jsse-nio-8043-exec-10] c.v.spring.security.SourceIpAuthorizer : Authorization by source IP failure: the client IP 127.0.0.1 did not match the rule Rule{ != 127.0.0.1 }
- Attempting to log in by using incorrect single sign-on user credentials shows the following log output.
2019-10-22 08:51:59.292 ERROR - [337a5316-56d7-4a28-8991-83911eadbdc9_9W] [https-jsse-nio-8046-exec-3] c.v.h4.common.config.SecurityConfig : An unauthorized POST request from 127.0.0.1 port 46430 to /sessions failed. org.springframework.security.authentication.BadCredentialsException: Login failed at com.vmware.spring.security.creds.SsoCredentialsAuthenticationProvider.authenticate(SsoCredentialsAuthenticationProvider.java:101) at com.vmware.h4.cloud.security.VcloudSsoCredentialsProvider.authenticate(VcloudSsoCredentialsProvider.java:44) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175) at com.vmware.spring.security.creds.JsonCredentialsAuthenticationFilter.attemptAuthentication(JsonCredentialsAuthenticationFilter.java:140) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ... Caused by: com.vmware.vlsi.client.sso.SsoException: com.vmware.vim.sso.client.exception.AuthenticationFailedException: Provided credentials are not valid. at com.vmware.vlsi.client.sso.SsoException.toSsoEx(SsoException.java:34) at com.vmware.vlsi.client.sso.StsService.acquireBearerToken(StsService.java:90) at com.vmware.vlsi.client.sso.StsService.acquireBearer(StsService.java:82) at com.vmware.spring.security.creds.SsoCredentialsAuthenticationProvider.authenticate(SsoCredentialsAuthenticationProvider.java:96)
- Certificate mismatch after replacing the certificate of a VMware Cloud Director Availability service. The following log output shows a remote cloud site attempting to connect to the local cloud site, when trust is established with the old certificate.
2019-10-22 09:00:29.748 WARN - [cd88c84a-be07-4ae2-8150-1ba9a3806ad8_Ah] [https-jsse-nio-8046-exec-1] com.vmware.h4.cloud.peer.PeerRepo : Unrecognized peer certificate: SHA-256:DC:8F:7E:F9:64:EF:45:A8:2A:EF:C1:71:E8:03:83:6C:B7:9F:F8:80:86:03:D9:2C:4E:51:E6:1F:B6:9F:BB:10 2019-10-22 09:00:29.749 ERROR - [cd88c84a-be07-4ae2-8150-1ba9a3806ad8_Ah] [https-jsse-nio-8046-exec-1] c.v.h4.common.config.SecurityConfig : An unauthorized GET request from 172.16.198.49 port 46872 to /diagnostics/peer-health failed. org.springframework.security.authentication.BadCredentialsException: Unrecognized client certificate at com.vmware.spring.security.clientcert.ClientCertAuthenticationProvider.authenticate(ClientCertAuthenticationProvider.java:47) at com.vmware.h4.cloud.peer.PeerClientCertAuthenticationProvider.authenticate(PeerClientCertAuthenticationProvider.java:65) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175) at com.vmware.spring.security.clientcert.impersonate.ImpersonatingClientCertFilter.attemptAuthentication(ImpersonatingClientCertFilter.java:45) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ...
