vShield Endpoint thin agent logging is done inside the protected virtual machines. The following registry entries are read at boot time from the Windows Registry, and are polled periodically:

  • log_dest
  • log_level

These values are stored under the following registry keys:

  • In vShield 1.0 x86 and x64: HKLM\System\CurrentControlSet\Services\VFileScsiFilter\Parameters\
  • In vShield 5.x x86 and x64: HKLM\System\CurrentControlSet\Services\vsepflt\Parameters\

Both registry values are DWORD bit masks that can be a combination of the following values:

  • log_dest:
    WINDBLOG 0x1
    VMWARE_LOG 0x2
  • log_level:
    AUDIT 0x1
    ERROR 0x2
    WARN 0x4
    INFO 0x8
    DEBUG 0x10
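
The following PowerShell is an added example, not part of the original article: it reads log_dest and log_level from both registry keys listed above and decodes each bit mask into the flag names given here. The function names ConvertFrom-Mask and Get-ThinAgentLogging are hypothetical, and the two sample masks at the end are constructed.

```powershell
# Added example. Flag names and values are the ones listed in this article.
$LogDestFlags  = [ordered]@{ WINDBLOG = 0x1; VMWARE_LOG = 0x2 }
$LogLevelFlags = [ordered]@{ AUDIT = 0x1; ERROR = 0x2; WARN = 0x4; INFO = 0x8; DEBUG = 0x10 }

# Parameter keys as listed above.
$ParameterKeys = @(
    'HKLM:\System\CurrentControlSet\Services\VFileScsiFilter\Parameters',  # vShield 1.0
    'HKLM:\System\CurrentControlSet\Services\vsepflt\Parameters'           # vShield 5.x
)

function ConvertFrom-Mask {
    # Decode a DWORD bit mask into flag names. Bits that are not in the
    # table are reported separately instead of being silently ignored.
    param([int]$Value, [System.Collections.IDictionary]$Flags)
    $names = @()
    $known = 0
    foreach ($name in $Flags.Keys) {
        $bit   = [int]$Flags[$name]
        $known = $known -bor $bit
        if ($Value -band $bit) { $names += $name }
    }
    $unknown = $Value -band (-bnot $known)
    if ($unknown -ne 0) { $names += ('UNKNOWN(0x{0:X})' -f $unknown) }
    if ($names.Count -eq 0) { $names = @('(none)') }
    '0x{0:X} = {1}' -f $Value, ($names -join ' | ')
}

function Get-ThinAgentLogging {
    # Report log_dest and log_level for every listed key present on this machine.
    foreach ($key in $ParameterKeys) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $p) { continue }   # key not present on this machine
        [pscustomobject]@{
            Key      = $key
            LogDest  = if ($null -ne $p.log_dest)  { ConvertFrom-Mask $p.log_dest  $LogDestFlags }  else { '(not set)' }
            LogLevel = if ($null -ne $p.log_level) { ConvertFrom-Mask $p.log_level $LogLevelFlags } else { '(not set)' }
        }
    }
}

Get-ThinAgentLogging | Format-List

# Constructed sample values, decoded without touching the registry:
ConvertFrom-Mask 0x3  $LogDestFlags
ConvertFrom-Mask 0x26 $LogLevelFlags
```

Run it inside the protected virtual machine; a bit reported as UNKNOWN is one that is not in the tables above.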