This part in the Log Insight (LI) series will describe how we can create alerts for certain events that we want to monitor a bit extra. In this case one host had a broken SD card, which we never got any alerts on from vCenter Server, so we wanted to create a separate email alert for it.

We didn’t realize there was a problem until we tried to patch the ESXi host using Update Manager, and got the following error messages:

li-locker1

We filtered the first event to see how often it occurred:

li-locker2

Then we took a look at other events that occurred around the same time using the View Event In Context feature:

li-locker6

There we found the actual disk error message and status code (H:0x0 D:0x2 P:0x0 Valid sense data 0x3 0x11 0x0), which we looked up on the excellent site http://www.virten.net/vmware/esxi-scsi-sense-code-decoder/

li-locker7

li-locker8

Now that we knew what message we were looking for, we created a simple text filter/query for it:

li-locker9

We could also go back in time to see exactly when it started occuring, and even zooming in to the exact minute:

li-locker3

li-locker5

Since we wanted to be alerted in the future if the same message should reappear, we created an alert for it, which is simply done by clicking the red alert bell in the top right, once you’ve created and fine tuned your filters/query:

li-locker10

Give the alert a name, description and tell LI how to send the alert (SMTP email, webhook and/or vROps Mgr alert):

li-locker11

Done! Now we’ll get an email in advance rather than finding out about SD card problems later.