syslog daemon shutdown
This rule alerts on the status of the syslogd daemon running on the vSphere host.
The Syslog daemon (service) on this vSphere host has been stopped. This means that Syslog messages will no longer be forwarded to Ops Mgr.
Check the service status on the host. Note that this message may be received when a Syslogd restart is performed; so Syslogd may be running again and no resolution is required.
Use the Alerts View to see all current open issues for this object. Use the Events View to review any error and warning events for this object. Open a Performance View to see the performance metrics for this object and all contained objects. Open a Diagram View to analyse the relationships of this object to other components.
Syslog messages are not available via the Veeam Collector default method of connection to vCenter. The Veeam Collector receives Syslog messages direct from the vSphere host, via manual editing of the syslog.conf file on the host server. For details see the Veeam MP documentation.
See the Help Center for more information including reference lists of all Rules and Monitors and full set of User Guides for the Veeam MP for VMware.
See the VMware Online Documentation for more information on VMware vSphere, in particular:
| Target | Veeam.Virt.Extensions.VMware.VMHOST.Syslog | ||
| Category | EventCollection | ||
| Enabled | True | ||
| Alert Generate | True | ||
| Alert Severity | Warning | ||
| Alert Priority | Low | ||
| Remotable | True | ||
| Alert Message |
| ||
| Event Log | Veeam VMware |
| ID | Module Type | TypeId | RunAs |
|---|---|---|---|
| DS | DataSource | Microsoft.Windows.EventProvider | Default |
| Alert | WriteAction | System.Health.GenerateAlert | Default |
Home
<Rule ID="Veeam.Virt.Extensions.VMware.VMHOST.SyslogEvents.syslogdShutdown" Enabled="onEssentialMonitoring" Target="VeeamVEVMwareLib!Veeam.Virt.Extensions.VMware.VMHOST.Syslog" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>.</ComputerName>
<LogName>Veeam VMware</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">900</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Params/Param[5]</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">$Target/Host/Property[Type="VeeamVEVMwareLib!Veeam.Virt.Extensions.VMware.VMHOST"]/id$</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="String">Params/Param[11]</XPathQuery>
</ValueExpression>
<Operator>MatchesWildcard</Operator>
<Pattern>syslogd shutdown succeeded</Pattern>
</RegExExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="Alert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>0</Priority>
<Severity>1</Severity>
<AlertMessageId>$MPElement[Name="Veeam.Virt.Extensions.VMware.VMHOST.SyslogEvents.syslogdShutdown.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/EventDescription$</SuppressionValue>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>