Automatically generated based on tag:

VMware ESXi Page VMware ESXi run a Syslog service that logs messages from the kernel and other system components. Logs notably include information on authentication, commands entered in the ESXi Shell, and events on virtual machines life-cycle operations (configuration changes, web console access, snapshot operations, etc.).

The ESXi logs location is defined through the "/etc/vmsyslog.conf" configuration file. By default, logs are placed in "/scratch/log/" / "/var/run/log/" (which are symlinks pointing to the same "/vmfs/volumes/<UID>/log/" directory).

The collection of ESXi logs can be automated through the creation of a "support bundle". A support bundle can be manually generated through the ESXi Host Client web interface or using the DFIR4vSphere PowerShell module (for ESXi attached to a running and reachable vCenter instance).
SSH authentication logs:

ESXi host agent logs:

ESXi Shell logs:

vCenter Server agent logs:

Per virtual machines logs:

View on GitHub