Hi,
My vMA scenario is as follows:
I've installed the vMA and added esx(1) / esxi(7) hosts with the vifp addserver command. They are using fastpass authentication (non-AD) and this works correctly. The vilogger daemon is setup to collect all messages log files from the esxi hosts. For the esx host I collect all the default logs.
I have noticed the following issues:
- The hostd and vpxa log entries in their respective log files are duplicated in the messages log. Is this normal behaviour? This is the reason I only collect the messages file from my esxi hosts. Can anyone verify that I'm not missing crucial log information this way? For the esx host I collect all the regular logs.
- The logs are collecting normally but when I enable lockdown mode on my host the logging stops. What's the point in installing a specialised appliance for logging if that means I cannot secure my server with lockdown mode anymore. I was under the impression that only the root account is disabled and since the fastpass mechanism creates the vi-admin00 and vi-user00 account on my hosts, surely they could still collect the logs....apparently not! Is there any way to enable lockdown mode and still collect the logs via vMA? Is going the AD auth route a viable option? I currently don't have my hosts in the AD ( the AD server VMs are hosted on these machines ).
- Furthermore when I disable lockdown mode again ( after doing a test to see if the logging stops, which it does ) the logging won't continue. It just stays at the point where I enabled the lockdown. This seems weird and I've had at least one more instance where the logging just stops for no apparent reason. If I then list the servers it tells me that logging failed, but not the reason why. Can anyone clarify why the logging doesn't automatically resume?
Many thanks for you attention and hopefully someone will be able to answer my questions.
Kind regards,
Ivo