The EPSecLib receives events from the ESX EPP Module (MUX) on the ESXi host.
Log Path and Sample Message
|EPSecLib Log Path|
EPSecLib messages follow the format of <timestamp> <VM Name><Process Name><[PID]>: <message>
In the following example, [ERROR] is the type of message and (EPSEC) represents the messages that are specific to Endpoint Protection.
Oct 17 14:26:00 endpoint-virtual-machine EPSecTester: [NOTICE] (EPSEC)  Initializing EPSec library build: build-00000
Oct 17 14:37:41 endpoint-virtual-machine EPSecSample: [ERROR] (EPSEC)  Event terminated reading file. Ex: VFileGuestEventTerminated@tid=7533: Event id: 3554.
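A small parser for the message format above, added here as an illustration (it is not VMware's or the antivirus partner's code). It assumes the [PID] field and the (EPSEC) tag are optional, since the sample lines carry no PID; the function names and the last two sample lines are constructed for this example.

```python
import re
from collections import Counter

# <timestamp> <VM Name> <Process Name>[PID]: [TYPE] (TAG) <message>
# Assumption: [PID] and (TAG) may be absent; the page's samples have no PID.
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?P<vm>\S+)\s+"
    r"(?P<process>[^\s\[\]:]+)(?:\[(?P<pid>\d+)\])?:\s+"
    r"\[(?P<level>[A-Z]+)\]\s+"
    r"(?:\((?P<tag>[A-Z]+)\)\s+)?"
    r"(?P<message>.*)$"
)

# First two lines are the page's samples; the last two are constructed.
SAMPLE = [
    "Oct 17 14:26:00 endpoint-virtual-machine EPSecTester: [NOTICE] (EPSEC)  "
    "Initializing EPSec library build: build-00000",
    "Oct 17 14:37:41 endpoint-virtual-machine EPSecSample: [ERROR] (EPSEC)  "
    "Event terminated reading file. Ex: VFileGuestEventTerminated@tid=7533: "
    "Event id: 3554.",
    "Oct 17 14:40:12 endpoint-virtual-machine EPSecSample[4242]: [DEBUG] (EPSEC)  "
    "constructed debug line",
    "Oct 17 14:41:00 endpoint-virtual-machine cron[812]: (root) CMD (constructed)",
]

def parse_line(line):
    """Return the fields of one message, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec

def epsec_records(lines):
    """Parse lines and keep only those tagged (EPSEC)."""
    parsed = (parse_line(line) for line in lines)
    return [r for r in parsed if r and r["tag"] == "EPSEC"]

def summarize(lines):
    """Count EPSEC messages per type, e.g. to see debug output dominating."""
    return Counter(r["level"] for r in epsec_records(lines))

if __name__ == "__main__":
    for rec in epsec_records(SAMPLE):
        if rec["level"] == "ERROR":
            print(rec["timestamp"], rec["vm"], rec["process"], rec["message"])
    print(dict(summarize(SAMPLE)))
```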
- Work with the antivirus security vendor to enable console or SSH access to the SVM. Follow partner provided instructions to enable console or SSH access.
- Log in to the EPP SVM by obtaining the console password from NSX Manager.
- Create the /etc/epseclib.conf file and add:
The debug logs can be found in /var/log/messages. Because the debug setting can flood the vmware.log file, disable the debug mode as soon as you have collected all the required information.
- Change permissions by running the chmod 644 /etc/epseclib.conf command.
- Work with the antivirus partner to extract logs generated for the SVM.