The EPSecLib receives events from the ESXi host ESX GI Module (MUX).

Log Path and Sample Message

EPSecLib Log Path
/var/log/syslog
var/run/syslog

EPSecLib messages follow the format of <timestamp> <VM Name><Process Name><[PID]>: <message>

In the following example [ERROR] is the type of message and (EPSEC) represents the messages that are specific to Guest Introspection.

For example: 
Oct 17 14:26:00 endpoint-virtual-machine EPSecTester[7203]: [NOTICE] (EPSEC)
 [7203] Initializing EPSec library build: build-00000
 
Oct 17 14:37:41 endpoint-virtual-machine EPSecSample: [ERROR] (EPSEC) [7533] Event 
terminated reading file. Ex: VFileGuestEventTerminated@tid=7533: Event id: 3554.

Collecting Logs

To enable debug logging for the EPSec library, which is a component inside GI SVM:
  1. Log in to the GI SVM by obtaining the console password from NSX Manager.

  2. Create /etc/epseclib.conf file and add:

    ENABLE_DEBUG=TRUE

    ENABLE_SUPPORT=TRUE

  3. Change permissions by running the chmod 644 /etc/epseclib.conf command.

  4. Restart the GI-SVM process by running the /usr/local/sbin/rcusvm restart command.

    This enables debug logging for EPSecLib on the GI SVM. The debug logs can be found in /var/log/messages. Because the debug setting can flood the vmware.log file, disable the debug mode as soon as you have collected all the required information.

GI SVM Logs

Before you capture logs, determine the Host ID, or Host MOID:

  • Run the show cluster all and show cluster <cluster ID> commands in the NSX Manager.

    For example: 
    nsxmgr-01a> show cluster all

No.  Cluster Name       Cluster Id               Datacenter Name   Firewall Status
1    RegionA01-COMP01   domain-c26               RegionA01         Enabled
2    RegionA01-MGMT01   domain-c71               RegionA01         Enabled

nsxmgr-01a> show cluster  domain-c26

Datacenter: RegionA01
Cluster: RegionA01-COMP01
No.  Host Name            Host Id                  Installation Status
1    esx-01a.corp.local   host-29                  Ready
2    esx-02a.corp.local   host-31                  Ready
  1. To determine the current logging state, run this command:

    GET https://nsxmanager/api/1.0/usvmlogging/host-##/com.vmware.vshield.usvm

    GET https://nsxmanager/api/1.0/usvmlogging/host-##/root

  2. To change the current logging state, run this command:
    POST https://nsxmanager/api/1.0/usvmlogging/host-##/changelevel 
    ## Example to change root logger ##

<?xml version="1.0" encoding="UTF-8" ?>
<logginglevel>
<loggerName>root</loggerName>
<level>DEBUG</level>
</logginglevel>

## Example to change com.vmware.vshield.usvm ##

<?xml version="1.0" encoding="UTF-8" ?>
<logginglevel>
<loggerName>com.vmware.vshield.usvm</loggerName>
<level>DEBUG</level>
</logginglevel>
  3. To generate logs, run this command:

    GET https://NSXMGR_IP/api/1.0/hosts/host.###/techsupportlogs

    Select Send and Download.

    Note that this command generates GI SVM logs and saves the file as techsupportlogs.log.gz file. Because the debug setting can flood the vmware.log file, disable the debug mode as soon as you have collected the required information.