How can I get an alert when a VMWare VM snapshot on an ESXi host is created or deleted?
Article ID: 460
Category: Network Services
Applies to: 4.x
Updated: 2021-09-24
In a production environment it can be important to know if and when a snapshots of a VM are added to deleted. If the VMWare ESXi host is configured to send Syslog messages to a log host like EventSentry, then it will send a message that will include the text shown below when a snapshot is added or removed:
Snapshot Added
State Transition (VM_STATE_OFF -> VM_STATE_CREATE_SNAPSHOT)
Snapshot Deleted
State Transition (VM_STATE_OFF -> VM_STATE_REMOVE_SNAPSHOT)
All Snapshots deleted
State Transition (VM_STATE_OFF -> VM_STATE_REMOVEALL_SNAPSHOT)
In order to receive an email alert, first follow KB 399 and specify the following filter both in step 2 and step 3 (content filter):
*user=*VM_STATE_*VM_STATE_*_SNAPSHOT*
