If your vCenter logs are flooded with ApiGwServicePrincipal messages about token expirations, you’re not alone. These frequent “info” level logs in the apigw.log file can clutter your system, making it tough to identify real issues. Fortunately, there’s a simple workaround: adjust the logging severity from “info” to “error.” Below, I’ll guide you through the exact steps to reduce this log noise effectively.
The Issue: Too Many ApiGwServicePrincipal Logs
In vCenter, you might see repeated log entries like:
The token with id '_9eb499f7-5f0e-4b83-9149-e64ae5bbf202' for domain vsphere.local(9d121150-d80b-4dbe-8f8a-0254435cf32a) is unusable (EXPIRED). Will acquire a fresh one.
These messages occur because the default logging severity for apigw.log is set to “info,” capturing every token expiration and renewal—a normal process that doesn’t require constant attention. The result? Overloaded logs and potential performance strain. By switching the severity to “error,” you can limit logging to critical issues only.
Let’s fix it step-by-step.
Step-by-Step Workaround
Follow these instructions carefully to adjust the logging severity for apigw.log. This process applies to standalone vCenter servers and those in Enhanced Linked Mode.
1. Take a Snapshot of the vCenter Server
- Before making changes, protect your environment by taking a snapshot of your vCenter server.
- If your vCenter servers are in Enhanced Linked Mode, use offline snapshots to ensure consistency across all nodes.
- This snapshot is your rollback option if anything goes wrong.
2. Backup the Original Configuration File
- Log in to your vCenter Server Appliance (VCSA) via SSH using root credentials.
- Run this command to back up the
vmware-services-vsphere-ui.conffile:
cp /etc/vmware-syslog/vmware-services-vsphere-ui.conf /etc/vmware-syslog/vmware-services-vsphere-ui.conf.backup- This creates a safety copy (
vmware-services-vsphere-ui.conf.backup) in case you need to revert.
3. Edit the Logging Configuration File
- Open the configuration file with the
vieditor:
vi /etc/vmware-syslog/vmware-services-vsphere-ui.conf- Press
ito enter insert mode. - Find the line that sets the severity for
apigw.log, typically:
#vsphere-ui apigw log
input(type="imfile"
File="/var/log/vmware/vsphere-ui/logs/apigw.log"
Tag="ui-apigw"
Severity="info"
Facility="local0")- Change “info” to “error” so it reads:
#vsphere-ui apigw log
input(type="imfile"
File="/var/log/vmware/vsphere-ui/logs/apigw.log"
Tag="ui-apigw"
Severity="Error"
Facility="local0")- This tells vCenter to log only error-level messages for
apigw.log.
4. Save and Exit the File
- Press
Escto exit insert mode. - Type
:wq!and pressEnterto save your changes and close the editor.
5. Restart the Necessary Services
- Apply the changes by restarting the
vsphere-uiandvmware-stsdservices with these commands:
service-control --restart vsphere-ui
service-control --restart vmware-stsd- These restarts ensure the updated logging settings take effect.
Verify the Fix
- After restarting the services, check the to confirm the excessive token expiration messages have stopped.
- With the severity set to “error,” only critical issues will now appear, giving you cleaner, more actionable logs.
Why This Works
Setting the severity to “error” filters out routine “info” messages—like token expirations—while keeping errors and higher-severity events visible. This reduces log volume without hiding problems that need your attention, making it ideal for busy vCenter environments.
Key Tips
- Enhanced Linked Mode: Always use offline snapshots for consistency across linked servers.
- Plan Downtime: Restarting services may briefly affect vCenter access, so consider a maintenance window.
- Monitor Logs: Post-change, make sure no critical errors are overlooked.
Wrap-Up
By taking a snapshot, backing up the config file, tweaking the severity, and restarting services, you can tame excessive ApiGwServicePrincipal logging in vCenter. This quick fix restores clarity to your logs, letting you focus on what matters.
