Most Frequent Errors
VM Log Type: Error
Log type: Error
Date loaded 20110128 /first vm-log dump

| LOG_DATE | EVENT | LOG-SOURCE | DESCRIPTION | OCCURRENCE |
|---|---|---|---|---|
| 11/10/2010 9:51 | 15 | Symmpi | The \Device\Scsi\symmpi1 is not ready for access yet. | 36 |
| 11/10/2010 9:51 | 11 | Disk | The driver detected a controller error on \Device\Harddisk0. | 36 |
| 11/10/2010 9:50 | 15 | Symmpi | The \Device\Scsi\symmpi1 is not ready for access yet. | 34 |
| 11/10/2010 9:50 | 11 | Disk | The driver detected a controller error on \Device\Harddisk0. | 34 |
| 11/9/2010 16:36 | 11 | Disk | The driver detected a controller error on \Device\Harddisk0. | 26 |
Fig. 1. The synchronized VM host disk over the time period 9/11/10, between 9:00 a.m. and 16:36 p.m., for a sequence of time events and their frequency of occurrence
What these results cannot tell us is why the VM system administrator took so long to detect the failures. A reasonable assumption is that, before this automated audit prototype existed, the administrator performed security validations on the VM kernel through manual entries, and so may have missed these entries at that point in time. Notably, no archival security analysis was being done on these system event logs in the production environment at that time. Since its commissioning on 28/11/2011, our automated log auditor is what the University currently uses to demonstrate these mapped log errors on the synchronized VM kernel. We could therefore argue that the administrator's task would have been easier had this automation been in place earlier.
It is also useful for the reader to understand that the automated, synchronized log audits are read from the VMware ESX 3i kernel \var\log directory. For this reason we can generate a schema for both the device and application instances running within this virtualization stack.
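An added example, not the authors' prototype: a minimal Python aggregation that turns raw error entries into per-minute occurrence counts of the kind shown in Fig. 1, and reports lines it could not parse instead of silently dropping them. The pipe-delimited input layout, the function names and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Descriptions as shown in Fig. 1; the pipe-delimited line layout is an assumption.
NOT_READY = r"The \Device\Scsi\symmpi1 is not ready for access yet."
CTRL_ERR = r"The driver detected a controller error on \Device\Harddisk0."

def most_frequent_errors(lines, min_occurrence=1):
    """Group Error entries per minute, event and source; return (rows, skipped).

    Each row is (LOG_DATE, EVENT, LOG_SOURCE, DESCRIPTION, OCCURRENCE).
    """
    counts, skipped = Counter(), 0
    for line in lines:
        try:
            stamp, level, event, source, desc = (f.strip() for f in line.split("|"))
            minute = datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S").replace(second=0)
            event = int(event)
        except ValueError:  # wrong field count, bad timestamp or bad event id
            skipped += 1    # counted so the audit shows what it could not read
            continue
        if level.lower() == "error":
            counts[(minute, event, source, desc)] += 1
    rows = [key + (n,) for key, n in counts.items() if n >= min_occurrence]
    rows.sort(key=lambda r: (-r[4], r[0], r[1]))  # most frequent first
    return rows, skipped

def constructed_sample():
    """Constructed input whose per-minute counts mirror Fig. 1 (36, 34, 26)."""
    lines = []
    for minute, n in (("11/10/2010 09:51", 36), ("11/10/2010 09:50", 34)):
        for s in range(n):
            lines.append(f"{minute}:{s:02d}|Error|15|Symmpi|{NOT_READY}")
            lines.append(f"{minute}:{s:02d}|Error|11|Disk|{CTRL_ERR}")
    lines += [f"11/09/2010 16:36:{s:02d}|Error|11|Disk|{CTRL_ERR}" for s in range(26)]
    lines.append("11/10/2010 09:51:40|Information|1|Constructed|not an error")
    lines.append("truncated entry with no delimiters")
    return lines

if __name__ == "__main__":
    rows, skipped = most_frequent_errors(constructed_sample())
    for when, event, source, desc, n in rows:
        print(f"{when:%m/%d/%Y %H:%M}  {event:>3}  {source:<7} {n:>3}  {desc}")
    print(f"unparsed lines: {skipped}")
```

Raising `min_occurrence` turns the same function into a simple burst filter, so only minutes with an unusually high error count reach the administrator.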