The EPSecLib receives events from the ESXi host ESX GI Module (MUX).

Log Path and Sample Message

EPSecLib Log Path

/var/log/syslog

var/run/syslog

EPSecLib messages follow the format of <timestamp> <VM Name><Process Name><[PID]>: <message>

In the example below [ERROR] is the type of message and (EPSEC) represents the messages that are specific to Guest Introspection.

For example:

Oct 17 14:26:00 endpoint-virtual-machine EPSecTester[7203]: [NOTICE] (EPSEC)
 [7203] Initializing EPSec library build: build-00000
 
Oct 17 14:37:41 endpoint-virtual-machine EPSecSample: [ERROR] (EPSEC) [7533] Event 
terminated reading file. Ex: VFileGuestEventTerminated@tid=7533: Event id: 3554.

Collecting Logs

To enable debug logging for the EPSec library, which is a component inside GI SVM:

  1. Log in to the GI SVM by obtaining the console password from NSX Manager.

  2. Create /etc/epseclib.conf file and add:

    ENABLE_DEBUG=TRUE

    ENABLE_SUPPORT=TRUE

  3. Change permissions by running the chmod 644 /etc/epseclib.conf command.

  4. Restart the GI-SVM process by running the /usr/local/sbin/rcusvm restart command.

    This enables debug logging for EPSecLib on the GI SVM and the debug logs can be found in /var/log/messages which are applicable for NSX for vSphere 6.2.x & 6.3.x. Because the debug setting can flood the vmware.log file to the point that it can make it to throttle, we recommend you disable the debug mode as soon as you have collected all the required information.

GI SVM Logs

Before you capture logs, determine the Host ID, or Host MOID:

  • Run the show cluster all and show cluster <cluster ID> commands in the NSX Manager.

    For example:

    nsxmgr-01a> show cluster all
    
    No.  Cluster Name       Cluster Id               Datacenter Name   Firewall Status
    1    RegionA01-COMP01   domain-c26               RegionA01         Enabled
    2    RegionA01-MGMT01   domain-c71               RegionA01         Enabled
    
    nsxmgr-01a> show cluster  domain-c26
    
    Datacenter: RegionA01
    Cluster: RegionA01-COMP01
    No.  Host Name            Host Id                  Installation Status
    1    esx-01a.corp.local   host-29                  Ready
    2    esx-02a.corp.local   host-31                  Ready

  1. To determine the current logging state, run this command:

    GET https://nsxmanager/api/1.0/usvmlogging/host-##/com.vmware.vshield.usvm

    GET https://nsxmanager/api/1.0/usvmlogging/host-##/root

  2. To change the current logging state run this command:

    POST https://nsxmanager/api/1.0/usvmlogging/host-##/changelevel

    ## Example to change root logger ##
    
    <?xml version="1.0" encoding="UTF-8" ?>
    <logginglevel>
    <loggerName>root</loggerName>
    <level>DEBUG</level>
    </logginglevel>
    
    ## Example to change com.vmware.vshield.usvm ##
    
    <?xml version="1.0" encoding="UTF-8" ?>
    <logginglevel>
    <loggerName>com.vmware.vshield.usvm</loggerName>
    <level>DEBUG</level>
    </logginglevel>

  3. To generate logs, run this command:

    GET https://NSXMGR_IP/api/1.0/hosts/host.###/techsupportlogs

    Select Send and Download.

    Note that this command generates GI SVM logs and saves the file as techsupportlogs.log.gz file. Because the debug setting can flood the vmware.log file to the point that it can make it to throttle, we recommend you disable the debug mode as soon as you have collected all the required information.