If virtual machines on an ESXi host are not working with Guest Introspection, or if there are alarms on a host regarding communication to the SVA, then it could be a problem with the ESX GI Module on the ESXi host.
Log Path and Sample Message
MUX Log path |
---|
/var/log/syslog |
var/run/syslog.log |
ESX GI Module (MUX) messages follow the format of <timestamp>EPSecMUX<[ThreadID]>: <message>
For example:
2017-07-16T05:44:49Z EPSecMux[38340669]: [ERROR] (EPSEC) [38340669] Attempted to recv 4 bytes from sd 49, errno = 104 (Connection reset by peer)
In the above example:
- [ERROR] is the type of message. Other types can be [DEBUG], [INFO].
- (EPSEC) indicates that the message is specific to Endpoint Security.
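A triage sketch for the message format above, added here as an example (it is not VMware's code): it parses MUX lines from a saved copy of the syslog and counts messages per type and ERROR lines per errno. The field names are assumptions, and every sample line except the first (the page's own example) is constructed for the demo.

```python
import re
from collections import Counter

# Layout taken from the sample line on this page:
# <timestamp> EPSecMux[<ThreadID>]: [<TYPE>] (<COMPONENT>) [<ThreadID>] <message>
MUX_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?i:EPSecMux)\[(?P<thread>\d+)\]:\s+"
    r"\[(?P<level>[A-Z]+)\]\s+"
    r"(?:\((?P<component>[^)]+)\)\s+)?"   # e.g. (EPSEC); treated as optional
    r"(?:\[\d+\]\s+)?"                    # repeated thread ID; treated as optional
    r"(?P<message>.*)$"
)
ERRNO = re.compile(r"errno\s*=\s*(?P<num>\d+)\s*\((?P<text>[^)]*)\)")

def parse_mux_line(line):
    """Return a dict of fields for a MUX line, or None for any other syslog line."""
    m = MUX_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    e = ERRNO.search(rec["message"])
    rec["errno"] = int(e.group("num")) if e else None
    rec["errno_text"] = e.group("text") if e else None
    return rec

def summarize(lines):
    """Count MUX messages per type and ERROR messages per (errno, text)."""
    levels, errnos = Counter(), Counter()
    for line in lines:
        rec = parse_mux_line(line)
        if rec is None:
            continue  # not an ESX GI Module message
        levels[rec["level"]] += 1
        if rec["level"] == "ERROR" and rec["errno"] is not None:
            errnos[(rec["errno"], rec["errno_text"])] += 1
    return levels, errnos

# Constructed sample: line 1 is the page's example, the others are made up.
SAMPLE = """\
2017-07-16T05:44:49Z EPSecMux[38340669]: [ERROR] (EPSEC) [38340669] Attempted to recv 4 bytes from sd 49, errno = 104 (Connection reset by peer)
2017-07-16T05:44:50Z EPSecMux[38340669]: [INFO] (EPSEC) [38340669] constructed informational message
2017-07-16T05:44:51Z EPSecMux[38340670]: [ERROR] (EPSEC) [38340670] Attempted to recv 4 bytes from sd 51, errno = 104 (Connection reset by peer)
2017-07-16T05:44:52Z hostd[12345]: unrelated constructed syslog line
""".splitlines()

if __name__ == "__main__":
    levels, errnos = summarize(SAMPLE)
    for (num, text), count in errnos.most_common():
        print(f"errno {num} ({text}): {count} of {levels['ERROR']} ERROR line(s)")
```

A repeated errno 104 across threads, as in the sample, points at the connection to the SVA being reset rather than at a single guest.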
Enabling and Viewing Log Files
To view the version of the ESX GI Module VIB installed on the host, run the esxcli software vib list | grep epsec-mux command.
To turn on full logging, perform these steps on the ESXi host command shell:
- Run the ps -c |grep Mux command to find the ESX GI Module processes that are currently running.
For example:
  ~ # ps -c | grep Mux
  192223 192223 sh /bin/sh /sbin/watchdog.sh -s vShield-Endpoint-Mux -q 100 -t 1000000 /usr/lib/vmware/vShield-Endpoint-Mux 900 -c 910
  192233 192233 vShield-Endpoint-Mux /usr/lib/vmware/vShield-Endpoint-Mux 900 -c 910
  192236 192233 vShield-Endpoint-Mux /usr/lib/vmware/vShield-Endpoint-Mux 900 -c 910
- If the service is not running, you can restart it with these commands: /etc/init.d/vShield-Endpoint-Mux start or /etc/init.d/vShield-Endpoint-Mux restart.
- To stop the running ESX GI Module processes, including the watchdog.sh process, run the kill -9 192223 192233 192236 command.
Note that two ESX GI Module processes are spawned.
- Start an ESX GI Module with a new -d option. Note that option -d does not exist for epsec-mux builds 5.1.0-01255202 and 5.1.0-01814505.
  ~ # /usr/lib/vmware/vShield-Endpoint-Mux -d 900 -c 910
- View the ESX GI Module log messages in the /var/log/syslog.log file on the ESXi host. Check that the entries corresponding to the global solutions, solution ID, and port number are specified correctly.
Sample muxconfig.xml File
<?xml version="1.0" encoding="UTF-8"?>
<EndpointConfig>
  <InstalledSolutions>
    <Solution>
      <id>100</id>
      <ipAddress>xxx.xxx.xxx.xxx</ipAddress>
      <listenOn>ip</listenOn>
      <port>48655</port>
      <uuid>42383371-3630-47b0-8796-f1d9c52ab1d0</uuid>
      <vmxPath>/vmfs/volumes/7adf9e00-609186d9/EndpointService (216)/EndpointService (216).vmx</vmxPath>
    </Solution>
    <Solution>
      <id>102</id>
      <ipAddress>xxx.xxx.xxx.xxx</ipAddress>
      <listenOn>ip</listenOn>
      <port>48651</port>
      <uuid>423839c4-c7d6-e92e-b552-79870da05291</uuid>
      <vmxPath>/vmfs/volumes/7adf9e00-609186d9/apoon/EndpointSVM-alpha-01/EndpointSVM-alpha-01.vmx</vmxPath>
    </Solution>
    <Solution>
      <id>6341068275337723904</id>
      <ipAddress>xxx.xxx.xxx.xxx</ipAddress>
      <listenOn>ip</listenOn>
      <port>48655</port>
      <uuid>42388025-314f-829f-2770-a143b9cbd1ee</uuid>
      <vmxPath>/vmfs/volumes/7adf9e00-609186d9/DlpService (1)/DlpService (1).vmx</vmxPath>
    </Solution>
  </InstalledSolutions>
  <DefaultSolutions/>
  <GlobalSolutions>
    <solution>
      <id>100</id>
      <tag></tag>
      <order>0</order>
    </solution>
    <solution>
      <id>102</id>
      <tag></tag>
      <order>10000</order>
    </solution>
    <solution>
      <id>6341068275337723904</id>
      <tag></tag>
      <order>10001</order>
    </solution>
  </GlobalSolutions>
</EndpointConfig>