These are the esxi host log files one needs to be quite familiar with. These logs should be checked depending on the issue you facing, and trying to troubleshoot.
- /var/log/auth.log: ESXi Shell authentication success and failure.
- /var/log/lacp.log: Link Aggregation Control Protocol logs.
- /var/log/hostd.log: Host management service logs, including virtual machine and host Task and Events, communication with the vSphere Client and vCenter Server vpxa agent, and SDK connections.
- /var/log/shell.log: ESXi Shell usage logs, including enable/disable and every command entered.
- /var/log/syslog.log: Management service initialization, watchdogs, scheduled tasks and DCUI use.
- /var/log/vmkernel.log: Core VMkernel logs, including device discovery, storage and networking device and driver events, and virtual machine startup.
- /var/log/vmkwarning.log: A summary of Warning and Alert log messages excerpted from the VMkernel logs.
Below are few UNIX shell commands that I do find useful while troubleshooting something via SSH.
|tail hostd.log||Prints last 10 lines of the file|
|tail -f hostd.log||Prints the file in real-time, while log is being populated. Very useful if you troubleshooting something on the fly, and want to see it as its happening.|
|tail -20 hostd.log||Print last 20 lines|
|tail -f hostd.log | grep -i root||Will read the hostd.log file in real-time, BUT grep -i forces it to show on the screen only those lines that include our search term.|
|head hostd.log||Prints top 10 lines from the hostd.log file|
|head -20||Prints top 20 lines from the log file|
|more vmkernel.log||will read the text file one screen at a time. Press a spacebar to scroll down the screen. This can be quite cumbersome if your host has not rebooted in a while or you are looking for the latest logs.|
|more vmkernel.log | grep -i failed||Grep command searches the stream in output text, and prints lines containing “failed” search term only .
“grep -i” ( space dash lowercase i) tells the grep to ignore the case for SearChTeRm
|more vmkernel.log | grep -i failed | more||use the pipe “|” and “more” command again to give you the data one screen at a time, if there is more than 1 page of output.|
|cp file.log newname.log||Create a copy of file.log and name it “newname.log” useful when about to make a change in original file or would like to copy the file to a different directory for further analysis.|
I will be updating this post as need.
The complete list of each host log file, and their description as of ESXi 5.1 can be located at VMWare KB 2032076
Some basic UNIX Commands:
Resource 1: https://www.tjhsst.edu/~dhyatt/superap/unixcmd.html
Resource 2: http://www.ucs.cam.ac.uk/docs/leaflets/u5