Automatically generated based on tag:
| Title | Type | Summary | Location |
|---|---|---|---|
| VMware ESXi | Page | VMware ESXi run a Syslog service that logs messages from the kernel and other system components. Logs notably include information on authentication, commands entered in the ESXi Shell, and events on virtual machines life-cycle operations (configuration changes, web console access, snapshot operations, etc.). The ESXi logs location is defined through the "/etc/vmsyslog.conf" configuration file. By default, logs are placed in "/scratch/log/" / "/var/run/log/" (which are symlinks pointing to the same "/vmfs/volumes/<UID>/log/" directory). The collection of ESXi logs can be automated through the creation of a "support bundle". A support bundle can be manually generated through the ESXi Host Client web interface or using the DFIR4vSphere PowerShell module (for ESXi attached to a running and reachable vCenter instance). |
SSH authentication logs: /var/run/log/auth.log ESXi host agent logs: /var/run/log/hostd.log ESXi Shell logs: /var/run/log/shell.log vCenter Server agent logs: /var/run/log/vpxa.log Per virtual machines logs: /vmfs/volumes/<DATASTORE_GUID>/<VM>/vmware.log |
View on GitHub