Site icon Virtual Maestro

Horizon View 7.10 Event logging: Events Database, Syslog Server and Flat File


In this post, we are going to discuss Event logging in Horizon View environment. In Horizon View environment, by default, events are not logged as it requires you to perform event configuration prior to generating event logs.

As in screenshot below, when you login for the first time into horizon console and check the dashboard status, you can see warning status on Event Database which represents that event configuration is not done yet.

Dashboard status

Horizon event logging configuration is done under View Configuration –> Event Configuration in Horizon Console.

Event Configuration

As you can see in above image, Horizon view can be configured to log events data using following methods, 

You can configure any of these method or combination of these methods or all of them can be configured at once. So let’s look at each of these methods and understand how to set them and use.

Event Database:

The event database stores View events information as records in Microsoft SQL Server or Oracle database rather than in a log file.

Supported databases for Event Logging in Horizon 7.10 and other releases can be checked here at database interoperability.

Horizon View records events like end-user actions, administrator actions, system failures alerts, and errors.

Event database is configured post installing a View Connection Server instance. We need to configure event database only on one host in a View Connection Server group (POD). The remaining hosts in the group are updated automatically.

Configuring Event Database in View:

Event configuration option
Event DB edit

Note: Ensure that Database is created in advance, this process does not create database instance automatically.

Database Details
Event database details
Event Logs

What is inside Event Database

Horizon View uses database tables to implement the event database. The event database prepends the names of these tables with a prefix that we define when we set up the event database (In my case, “VE_”).

Below are the tables used to record events data in database.

Events are written in full to both the Current tables (i.e. Event & Event_Data) and Historical tables. When events in the current table reach a certain age, they are deleted. However, events are never deleted from the Historical tables.

We can use View Administrator to configure the time period for which the database keeps a record in the event and event_data tables as shown in image below.

Events timeline

Despite setting to “show events in admin for” value to larger interval, as in above image it is 3 months, View admin portal can display only recent 2000 objects. This is because the events that are shown in the Horizon administrator console are loaded from current tables and not from Historical tables.

We cannot use Horizon Administrator console to view the logs that are stored in Historical tables. However, we can use BI reporting engines like Crystal Reports and Oracle Enterprise Performance Management System to access and analyze the event database.

Setting Up syslog

Horizon View events can be generated in Syslog format so that the event data can be accessible to third-party analytics software over the network. The default UDP port number used is 514. Configure only one host in a Connection Server POD. The remaining hosts in the group are configured automatically.

Syslog data is sent across the network without software-based encryption, and might contain sensitive data, such as user names. It is recommended to use link-layer security, such as IPSEC, to avoid the possibility of this data being monitored on the network.

Syslog Add
Syslog Details
Syslog FQDN and port

Logging to flat file (Local and File Share)

Horizon View events are accumulated in a local log file when configured with default option as shown in image below.

Flat file login without network share

The maximum size of the local directory for event logs, including closed log files is 300MB. The default destination of the output is %PROGRAMDATA%\VMware\VDM\events\. Once it reaches the max size limit, then oldest log files are deleted.

Instead of using local file, we can specify a file share where these log files are stored centrally. With this approach, size limit is not applicable.

If planning to collect logs in a flat-file format on network share, we must have the UNC path to the file share and folder along with user name, domain name, and password. This account must have permission to write to the file share.

Network share

Verify the details once added.

Flat file on UNC


That is all in this post.

!!! Cheers !!!

Exit mobile version