Highlighted
s-v
6 Indium

ESXi host grabs

Jump to solution

Hello

How can I capture the logs from last 30 days? I just get 10 days of log files. Is there any way to pull out date specific logs?

How does the utility work?

Thanks

SV

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
abowles
1 Copper

Re: ESXi host grabs

Jump to solution

I believe KB 457937 (support.emc.com/kb/457937) contains the instructions you are looking for. From the KB:

The ESX or ESXi  grabs script run on the hosts also gathers the messages log files on the host. However, if you need logs that are older than the log files gathered by the ESX or ESXi  grab scripts, follow these steps to get older log files from the ESX or ESXi  host for analysis:

First request a vmsupport if one wasn't collected by the EMCgrab.
The vmsupport should have an archive of older vmkernel messages.

1. Unzip the vmsupport logs and navigate to var/run/log
     A. This directory should have an archive of the vmkernel, vmwarnings.... etc.

If the customer can not get a vmsupport because the host is not responding in vCenter then the below action should be taken.

1. Connect to your ESX/ESXi host using Putty, SCP, or the like.

2. Find  the messages log which logs activity from the kernel located at /var/log/
    The log may be in /scratch/log/ instead of /var/log/

3. Browse to the older logs that are named messages.1, messages.2, etc . . .         
    Newer ESXi systems will use the name vmkernel.log and vmkernel.1.gz instead of messages
    vobd.log, hostd.log and vpxa.log can also be useful so collect these at the same time.

4. Once done, transfer the files with WinSCP or Putty.

0 Kudos
2 Replies
abowles
1 Copper

Re: ESXi host grabs

Jump to solution

I believe KB 457937 (support.emc.com/kb/457937) contains the instructions you are looking for. From the KB:

The ESX or ESXi  grabs script run on the hosts also gathers the messages log files on the host. However, if you need logs that are older than the log files gathered by the ESX or ESXi  grab scripts, follow these steps to get older log files from the ESX or ESXi  host for analysis:

First request a vmsupport if one wasn't collected by the EMCgrab.
The vmsupport should have an archive of older vmkernel messages.

1. Unzip the vmsupport logs and navigate to var/run/log
     A. This directory should have an archive of the vmkernel, vmwarnings.... etc.

If the customer can not get a vmsupport because the host is not responding in vCenter then the below action should be taken.

1. Connect to your ESX/ESXi host using Putty, SCP, or the like.

2. Find  the messages log which logs activity from the kernel located at /var/log/
    The log may be in /scratch/log/ instead of /var/log/

3. Browse to the older logs that are named messages.1, messages.2, etc . . .         
    Newer ESXi systems will use the name vmkernel.log and vmkernel.1.gz instead of messages
    vobd.log, hostd.log and vpxa.log can also be useful so collect these at the same time.

4. Once done, transfer the files with WinSCP or Putty.

0 Kudos
s-v
6 Indium

Re: ESXi host grabs

Jump to solution

Thank you !!