NSX Guest Introspection Platform SDK EPSecLib
NSX Guest Introspection Platform
SDK EPSecLib The EPSecLib receives events from the ESXi host
NSX Guest Introspection Platform
Host Agent (MUX). Log Path and Sample Message
EPSecLib Log Path |
|---|
/var/log/syslog |
EPSecLib messages follow the format of <timestamp> <VM Name><Process Name><[PID]>: <message>
In the following example [ERROR] is the type of message and (EPSEC) represents the messages that are specific to any functionality that uses
NSX Guest Introspection Platform
.For example:
Oct 17 14:26:00 endpoint-virtual-machine EPSecTester[7203]: [NOTICE] (EPSEC) [7203] Initializing EPSec library build: build-00000 Oct 17 14:37:41 endpoint-virtual-machine EPSecSample: [ERROR] (EPSEC) [7533] Event terminated reading file. Ex: VFileGuestEventTerminated@tid=7533: Event id: 3554.
Collecting Logs
To enable debug logging for the EPSec library, which is a component inside any service that uses
NSX Guest Introspection Platform
: - Work with the anti-virus vendor to enable console or SSH access to the SVM. Follow partner provided instructions to enable console or SSH access.
- Log in to the EPP SVM by obtaining the console password from NSX Manager.
- Create/etc/epseclib.conffile and add:ENABLE_DEBUG=TRUEENABLE_SUPPORT=TRUEThe debug logs can be found in (RHEL/SLES/CentOS)/var/log/messagesor (Ubuntu)/var/log/syslog. Because the debug setting can flood the/var/logfile, disable the debug mode as soon as you have collected all the required information.
- Change permissions by running thechmod 644 /etc/epseclib.confcommand.
- Work with the anti-virus partner to extract logs generated for the SVM.