Hi,
I get frequent email from a host in my cluster that goes like this:
Target: esx2014-m-2
Stateless event alarm
Alarm Definition:
([Event alarm expression: Host error] OR [Event alarm expression: Host warning])
Event details:
Issue detected on esx2014-m-2: vmsyslog logger 192.168.20.210:10514 lost 1671391 log messages
(2019-09-20T07:56:00.704Z cpu4:3545365)
And the /var/log/.vmsyslogd.err looks like this:
2019-09-20T13:23:31.763Z vmsyslog.loggers.file : ERROR ] Failed to spawn onrotate call
Traceback (most recent call last):
File "/build/mts/release/bora-13635690/bora/build/esx/release/vmvisor/sys-boot/lib64/python3.5/site-packages/vmsyslog/loggers/file.py", line 379, in writeLog
File "/build/mts/release/bora-13635690/bora/build/esx/release/vmvisor/sys-boot/lib64/python3.5/subprocess.py", line 676, in __init__
File "/build/mts/release/bora-13635690/bora/build/esx/release/vmvisor/sys-boot/lib64/python3.5/subprocess.py", line 1228, in _execute_child
OSError: [Errno 28] No space left on device
2019-09-20T13:38:26.408Z vmsyslog.msgQueue : ERROR ] 192.168.20.210:10514 - lost 1671391 log messages
The port isn't standard but I have a custom firewall rule to allow outbound. Works no problem for other hosts. And the SIEM does receive some logs from this host so it seems intermittent.
Any idea how to resolve this? It's running 6.5 U2