The EPSecLib receives events from the ESXi host NSX Guest Introspection Platform Host Agent (MUX).
Log Path and Sample Message
EPSecLib Log Path |
---|
/var/log/syslog |
EPSecLib messages follow the format of <timestamp> <VM Name><Process Name><[PID]>: <message>
In the following example, [ERROR] is the type of message and (EPSEC) marks messages that are specific to any functionality that uses NSX Guest Introspection Platform.
Oct 17 14:26:00 endpoint-virtual-machine EPSecTester[7203]: [NOTICE] (EPSEC) [7203] Initializing EPSec library build: build-00000
Oct 17 14:37:41 endpoint-virtual-machine EPSecSample: [ERROR] (EPSEC) [7533] Event terminated reading file. Ex: VFileGuestEventTerminated@tid=7533: Event id: 3554.
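The message format above can be parsed to pull EPSecLib errors out of a shared syslog file. The following is an added example, not VMware code: the field name `inner_id` (for the bracketed number after the tag, which the page does not name) and the CRON line in the sample input are assumptions made for illustration.

```python
import re

# The two EPSecLib messages shown above, plus one constructed non-EPSec
# syslog line (CRON) to show that unrelated entries are skipped.
SAMPLE = """\
Oct 17 14:26:00 endpoint-virtual-machine EPSecTester[7203]: [NOTICE] (EPSEC) [7203] Initializing EPSec library build: build-00000
Oct 17 14:30:01 endpoint-virtual-machine CRON[7301]: (root) CMD (run-parts /etc/cron.hourly)
Oct 17 14:37:41 endpoint-virtual-machine EPSecSample: [ERROR] (EPSEC) [7533] Event terminated reading file. Ex: VFileGuestEventTerminated@tid=7533: Event id: 3554.
"""

# <timestamp> <VM Name> <Process Name>[PID]: [TYPE] (TAG) [id] <message>
# The syslog [PID] is optional: the second sample message has none.
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<vm>\S+) "
    r"(?P<process>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"\[(?P<type>[A-Z]+)\] "
    r"\((?P<tag>[A-Z]+)\) "
    r"(?:\[(?P<inner_id>\d+)\] )?"  # 'inner_id' is a name assumed here
    r"(?P<message>.*)$"
)


def parse_line(line):
    """Return the fields of one EPSecLib message, or None for other lines."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("pid", "inner_id"):  # numeric fields; pid may be absent
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec


def select(text, types=("ERROR",), tag="EPSEC"):
    """Parse syslog text and keep messages with the given tag and types."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [r for r in parsed if r and r["tag"] == tag and r["type"] in types]


if __name__ == "__main__":
    for rec in select(SAMPLE):
        print(rec["timestamp"], rec["vm"], rec["process"], rec["message"])
```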
Collecting Logs
Work with the anti-virus vendor to enable console or SSH access to the SVM. Follow partner-provided instructions to enable console or SSH access.
Log in to the EPP SVM by obtaining the console password from NSX Manager.
Create the /etc/epseclib.conf file and add:
ENABLE_DEBUG=TRUE
ENABLE_SUPPORT=TRUE
The debug logs can be found in (RHEL/SLES/CentOS) /var/log/messages or (Ubuntu) /var/log/syslog. Because the debug setting can flood the log file, disable the debug mode as soon as you have collected all the required information.
Change permissions by running the chmod 644 /etc/epseclib.conf command.
Work with the anti-virus partner to extract logs generated for the SVM.