NSX Guest Introspection Platform
SDK EPSecLib

The EPSecLib receives events from the ESXi host
NSX Guest Introspection Platform
Host Agent (MUX).

Log Path and Sample Message

EPSecLib Log Path
/var/log/syslog
EPSecLib messages follow the format of <timestamp> <VM Name><Process Name><[PID]>: <message>
In the following example [ERROR] is the type of message and (EPSEC) represents the messages that are specific to any functionality that uses
NSX Guest Introspection Platform
.
For example:
Oct 17 14:26:00 endpoint-virtual-machine EPSecTester[7203]: [NOTICE] (EPSEC) [7203] Initializing EPSec library build: build-00000 Oct 17 14:37:41 endpoint-virtual-machine EPSecSample: [ERROR] (EPSEC) [7533] Event terminated reading file. Ex: VFileGuestEventTerminated@tid=7533: Event id: 3554.

Collecting Logs

To enable debug logging for the EPSec library, which is a component inside any service that uses
NSX Guest Introspection Platform
:
  1. Work with the anti-virus vendor to enable console or SSH access to the SVM. Follow partner provided instructions to enable console or SSH access.
  2. Log in to the EPP SVM by obtaining the console password from NSX Manager.
  3. Create
    /etc/epseclib.conf
    file and add:
    ENABLE_DEBUG=TRUE
    ENABLE_SUPPORT=TRUE
    The debug logs can be found in (RHEL/SLES/CentOS)
    /var/log/messages
    or (Ubuntu)
    /var/log/syslog
    . Because the debug setting can flood the
    /var/log
    file, disable the debug mode as soon as you have collected all the required information.
  4. Change permissions by running the
    chmod 644 /etc/epseclib.conf
    command.
  5. Work with the anti-virus partner to extract logs generated for the SVM.