
I set up a new port (2514/TCP) to receive log messages from VMware Workspace One.

I noticed this new port was not writing the log messages to the file specified. (Other ports for other products work fine.)

I can see the messages come in when I run tcpdump, but they do not end up getting written to a file.

When I looked at the /var/log/nxlog/nxlog.log file, I noticed a LOT of messages like this:

2021-07-07 22:44:31 INFO connection accepted from 10.42.32.149:60599

2021-07-07 22:44:31 WARNING TCP connection closed from 10.42.32.149:60599: End of file found

I tried to google the error, but could not find anything about it.

My config file includes this:

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Input vmwarelogtcp>
    Module      im_tcp
    Port        2514
    Host        0.0.0.0
    Exec        parse_syslog();
</Input>

<Output vmwareout>
    Module      om_file
    File        "/log/SYSLOG_vmwarelog/VMWARELOG_" + $Hostname + ".log"
    CreateDir   TRUE
    Exec        to_syslog_bsd();
</Output>

<Route 3>
    Path        vmwarelogtcp => vmwareout
</Route>

Any ideas?

Thank you

Asked July 7, 2021 - 3:40pm

Answer (1)

Hi,

so, it looks like the connection with VMware is made:

2021-07-07 22:44:31 INFO connection accepted from 10.42.32.149:60599

but this suggests the connection is closed by the same party:

2021-07-07 22:44:31 WARNING TCP connection closed from 10.42.32.149:60599: End of file found.

I'd suggest checking VMware conf first - maybe there's something in VMware's logs?

Best regards,
Rafał
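
One way to see how widespread the accept-then-immediate-close pattern from the answer is in nxlog.log, as an added example (not part of the original thread and not NXLog code). The sample lines are constructed in the format quoted above; the function name and the one-second threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the format of the nxlog.log excerpts quoted above.
SAMPLE_LOG = """\
2021-07-07 22:44:31 INFO connection accepted from 10.42.32.149:60599
2021-07-07 22:44:31 WARNING TCP connection closed from 10.42.32.149:60599: End of file found
2021-07-07 22:44:32 INFO connection accepted from 10.42.32.149:60600
2021-07-07 22:44:32 WARNING TCP connection closed from 10.42.32.149:60600: End of file found
2021-07-07 22:44:33 INFO connection accepted from 192.0.2.10:51000
2021-07-07 22:45:40 WARNING TCP connection closed from 192.0.2.10:51000: End of file found
2021-07-07 22:46:00 INFO connection accepted from 192.0.2.11:40000
"""

EVENT_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \w+ "
    r"(connection accepted|TCP connection closed) from "
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)(?::\s*(.*))?$"
)

def short_lived_peers(log_text, max_seconds=1):
    """Map each peer IP to [(port, lifetime_s, close_reason)] for connections
    that were closed within max_seconds of being accepted."""
    opened = {}                 # (ip, port) -> time the connection was accepted
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue            # unrelated nxlog.log line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        event, key = m.group(2), (m.group(3), int(m.group(4)))
        if event == "connection accepted":
            opened[key] = ts
        elif key in opened:     # close event for a connection we saw open
            lifetime = (ts - opened.pop(key)).total_seconds()
            if lifetime <= max_seconds:
                hits[key[0]].append((key[1], lifetime, m.group(5) or ""))
    return dict(hits)

if __name__ == "__main__":
    for ip, conns in short_lived_peers(SAMPLE_LOG).items():
        print(f"{ip}: {len(conns)} connection(s) closed right after accept")
        for port, lifetime, reason in conns:
            print(f"  source port {port}, open {lifetime:.0f}s, reason: {reason}")
```

The log timestamps have one-second resolution, so a lifetime of 0 means the accept and close were logged in the same second.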