Accessing VMware Server Web Access Logs for Authentication Failures

VMware Server 2.0 has a fundamentally different interface compared to the thick client that was used in the 1.0 product. Along with the different interface comes a logging mechanism for access to the web interface, VI Web Access. This is one of the key new display features of VMware Server 2.0. For more information on the look and feel of the new VI Web Access, be sure check out this SearchVMWare.com tip.

Simply put, VI Web Access is a purpose built web engine for access to the VMware Server configuration and console access. For both Windows and Linux hosts, there is one log file that is kept for the web interface. The file is kept at in the following locations by default:

Windows hosts: C:\Documents and Settings\All Users\Application Data\VMware\tomcat-logs
Linux hosts: /var/log/vmware/WebAccess

For my Linux installation, there is one log file, called proxy.log. The log file is relatively easy to read, however I recommend an enhanced text viewer such as NoteTab Light as there are many lines per server-side event in this log. The line below shows an authentication failure to VI Web Access:

[2008-10-23 00:13:34,523,http-8308-2,RequestProcessor] Error processing action request /action/login : [InvalidLogin] Login failed due to a bad username or password.

VI Web Access logging by default log only shows authentication issues, session timeouts, or other errors that occur. This log is separate from the other VMware Server logs, as they are generally separated by process. More information on the VMware Server product can be found in the online user’s guide.