vSphere includes a user-configurable events and alarms subsystem. This subsystem tracks events happening throughout vSphere and stores the data in log files and the vCenter Server database. This subsystem also enables you to specify the conditions under which alarms are triggered. Alarms can change state from mild warnings to more serious alerts as system conditions change, and can trigger automated alarm actions. This functionality is useful when you want to be informed, or take immediate action, when certain events or conditions occur for a specific inventory object, or group of objects.
- A license key expires
- A virtual machine is powered on
- A user logs in to a virtual machine
- A host connection is lost
Event data includes details about the event such as who generated it, when it occurred, and what type of event it is.
|Error||Indicates that a fatal problem has occurred in the system and terminates the process or operation.|
|Warning||Indicates that there is a potential risk to the system which needs to be fixed. This event does not terminate the process or operation.|
|Information||Describes that the user or system operation is completed successfully.|
|Audit||Provides important audit log data which is crucial for the security framework. The audit log data includes information about what is the action, who did it, when it occurred, and the IP address of the user.
You can learn more about this in the vSphere Security guide.
Alarms are notifications that are activated in response to an event, a set of conditions, or the state of an inventory object. An alarm definition consists of the following elements in the vSphere Client:
- Name and description - Provides an identifying label and description.
- Targets - Defines the type of object that is monitored.
- Alarm Rules - Defines the event, condition, or state that triggers the alarm and defines the notification severity. It also defines operations that occur in response to triggered alarms.
- Last modified - The last modified date and time of the defined alarm.
- Normal – green
- Warning – yellow
- Alert – red
Alarm definitions are associated with the object selected in the inventory. An alarm monitors the type of inventory objects specified in its definition.
For example, you might want to monitor the CPU usage of all virtual machines in a specific host cluster. You can select the cluster in the inventory, and add a virtual machine alarm to it. When enabled, that alarm monitors all virtual machines running in the cluster and triggers when any one of them meets the criteria defined in the alarm. To monitor a specific virtual machine in the cluster, but not others, select that virtual machine in the inventory and add an alarm to it. To apply the same alarms to a group of objects, place those objects in a folder and define the alarm on the folder.
Alarm actions are operations that occur in response to the trigger. For example, you can have an email notification sent to one or more administrators when an alarm is triggered.