Events are used for logging and auditing conditions inside the vShield Endpoint-based security system.

Events can be displayed without a custom vSphere plug-in. See the vCenter Server Administration Guide on events and alarms.

Events are the basis for alarms that are generated. Upon registering as a vCenter Server extension, the NSX Manager defines the rules that create and remove alarms.

Common arguments for all events are the event time stamp and the NSX Manager event_id.

The following table lists vShield Endpoint events reported by the SVM and the NSX Manager.

vShield Endpoint Events

Description

Severity

VC Arguments

vShield Endpoint solution SolutionName enabled. Supporting version versionNumber of the VFile protocol.

info

timestamp

ESX module enabled.

info

timestamp

ESX module uninstalled.

info

timestamp

The NSX Manager has lost connection with the ESX module.

info

timestamp

vShield Endpoint solution SolutionName was contacted by a non-compatible version of the ESX module.

error

timestamp, solution version, ESX module version

A connection between the ESX module and SolutionName failed.

error

timestamp, ESX module version, solution version

vShield Endpoint failed to connect to the SVM.

error

timestamp

vShield Endpoint lost connection with the SVM.

error

timestamp