The EPSecLib receives events from the ESXi host ESX GI Module (MUX).

Log Path and Sample Message

EPSecLib Log Path

EPSecLib messages follow the format of <timestamp> <VM Name><Process Name><[PID]>: <message>

In the following example [ERROR] is the type of message and (EPSEC) represents the messages that are specific to Guest Introspection.

For example:
Oct 17 14:26:00 endpoint-virtual-machine EPSecTester[7203]: [NOTICE] (EPSEC)
 [7203] Initializing EPSec library build: build-00000
Oct 17 14:37:41 endpoint-virtual-machine EPSecSample: [ERROR] (EPSEC) [7533] Event 
terminated reading file. Ex: VFileGuestEventTerminated@tid=7533: Event id: 3554.

Collecting Logs

To enable debug logging for the EPSec library, which is a component inside GI SVM:
  1. Log in to the GI SVM by obtaining the console password from NSX Manager.
  2. Create /etc/epseclib.conf file and add:



  3. Change permissions by running the chmod 644 /etc/epseclib.conf command.
  4. Restart the GI-SVM process by running the /usr/local/sbin/rcusvm restart command.

    This enables debug logging for EPSecLib on the GI SVM. The debug logs can be found in /var/log/messages. Because the debug setting can flood the vmware.log file, disable the debug mode as soon as you have collected all the required information.


Before you capture logs, determine the Host ID, or Host MOID:
  • Run the show cluster all and show cluster <cluster ID> commands in the NSX Manager.

    For example:
    nsxmgr-01a> show cluster all
    No.  Cluster Name       Cluster Id               Datacenter Name   Firewall Status
    1    RegionA01-COMP01   domain-c26               RegionA01         Enabled
    2    RegionA01-MGMT01   domain-c71               RegionA01         Enabled
    nsxmgr-01a> show cluster  domain-c26
    Datacenter: RegionA01
    Cluster: RegionA01-COMP01
    No.  Host Name            Host Id                  Installation Status
    1    esx-01a.corp.local   host-29                  Ready
    2    esx-02a.corp.local   host-31                  Ready
  1. To determine the current logging state, run this command:

    GET https://nsxmanager/api/1.0/usvmlogging/host-##/com.vmware.vshield.usvm

    GET https://nsxmanager/api/1.0/usvmlogging/host-##/root

  2. To change the current logging state, run this command:
    POST https://nsxmanager/api/1.0/usvmlogging/host-##/changelevel
    ## Example to change root logger ##
    <?xml version="1.0" encoding="UTF-8" ?>
    ## Example to change com.vmware.vshield.usvm ##
    <?xml version="1.0" encoding="UTF-8" ?>
  3. To generate logs, run this command:

    GET https://NSXMGR_IP/api/1.0/hosts/host.###/techsupportlogs

    Select Send and Download.

    Note that this command generates GI SVM logs and saves the file as techsupportlogs.log.gz file. Because the debug setting can flood the vmware.log file, disable the debug mode as soon as you have collected the required information.