Vm Alarms; Events - VMware VSHIELD APP 1.0.0 UPDATE 1 Admin Manual
Hide thumbs
Also See for VSHIELD APP 1.0.0 UPDATE 1:
- Programming manual (90 pages) ,
- Quick start manual (30 pages)
Table of Contents
Advertisement
VM Alarms
VM alarms are generated by events affecting the health status of the vShield Endpoint module.
Table 14-4. Warnings
Possible Cause
The SVM is overloaded. The virtual machines
will not be protected while the alarm persists.
The thin agent in one or more virtual machines is
initialized but not reporting events. Those virtual
machines are not protected while this warning
persists.
Table 14-5. Errors
Possible Cause
The thin agent version is not compatible with the
vShield Endpoint module
The thin agent is not reporting vShield Endpoint
events. The virtual machine is not protected.
The virtual machine is still powered on, but the
thin agent is disabled. The virtual machine is not
protected.
Events
Events are used for logging and auditing conditions inside the vShield Endpoint-based security system.
Events can be displayed without a custom vSphere plug-in. See the vCenter Server Administration Guide on
events and alarms.
Events are the basis for alarms that are generated. Upon registering as a vCenter Server extension, the vShield
Manager defines the rules that create and remove alarms.
Default base arguments for an event are the reported time and the vShield Manager event_id.
Table 14-6
lists vShield Endpoint events reported by the SVM and the vShield Manager (VSM) in order by code
number. The table shows the even code, name, the VC arguments, the event category, and a description. In the
Event Category column, events that generate error alarms are colored red. Events that generate warning
alarms are colored yellow.
Table 14-6. vShield Endpoint Events
Code
Name
0001
VSM_FSFD_EVENT_VERSION_MISMATCH
0003
VSM_FSFD_EVENT_DISK_FULL
0004
VSM_FSFD_EVENT_TIMEOUT
VMware, Inc.
Appendix 14 vShield Endpoint Events and Alarms
Action
Check resources allocation for the SVM and allocate more resources,
if necessary. Check the vCenter Server event log for the ESX the SVM
is attached to. An event code of 1002 can indicate an overloaded
SVM.
This is usually a transient alarm that does not require attention. If it
persists or turns to red, look at the vCenter Server event log for the
protected VM. An event code of 1000 indicates a non-functioning
thin agent.
Action
Install compatible components. Look in the vShield Endpoint
Installation Guide for compatible versions for vShield Endpoint
module and SVM.
The thin agent is malfunctioning, or not initialized. Look at the event
log to see if the thin agent was initialized successfully.
If the error persists, this thin agent is malfunctioning. (A virtual
machine that is shutting down or in the process of a vMotion move
does not generate a red alarm.)
VC
Event
Arguments
Category
timestamp,
error
SVM version
of FSFD
protocol,
FSFD version
of FSFD
protocol
timestamp
warning
timestamp
warning
Description
vShield Endpoint: The SVM was
contacted by a non-compatible version
of the vShield Endpoint Thin Agent.
The vShield Endpoint Thin Agent
encountered a "disk full" error while
attempting to write to the local disk.
A timeout occurred in the
communication between the SVM and
the Thin Agent.
81
Advertisement
Table of Contents
Need help?
Do you have a question about the VSHIELD APP 1.0.0 UPDATE 1 and is the answer not in the manual?