6.5.1

Table Of Contents
8 (Optional) Select to apply a password for encrypted core dumps to the support package.
You can make that password available to your support representative in a secure channel.
If only some of the host in your environment use encryption, some of the les in the package are
encrypted.
9 Click Finish.
10 Specify the location to which to save the log les.
The host or vCenter Server generates a .zip le containing the log les.
11 Click Save.
The Recent Tasks panel shows the Generate diagnostic bundles task in progress.
The Downloading Log Bundles dialog box appears when the Generating Diagnostic Bundle task is
nished. The download status of each bundle appears in the dialog box.
Some network errors can cause download failures. When you select an individual download in the
dialog box, the error message for that operation appears under the name and location of the log bundle
le.
12 Verify the information in the Summary and click Finish to download the log les.
Diagnostic bundles containing log les for the specied objects are downloaded to the location specied.
What to do next
“Upload Logs Package to a VMware Service Request,” on page 168.
ESXi Log Files
Log les are an important component of troubleshooting aacks and obtaining information about breaches.
Logging to a secure, centralized log server can help prevent log tampering. Remote logging also provides a
long-term audit record.
To increase the security of the host, take the following measures
n
Congure persistent logging to a datastore. By default, the logs on ESXi hosts are stored in the in-
memory le system. Therefore, they are lost when you reboot the host, and only 24 hours of log data is
stored. When you enable persistent logging, you have a dedicated activity record for the host.
n
Remote logging to a central host allows you to gather log les on a central host. From that host, you can
monitor all hosts with a single tool, do aggregate analysis, and search log data. This approach facilitates
monitoring and reveals information about coordinated aacks on multiple hosts.
n
Congure the remote secure syslog on ESXi hosts by using a CLI such as vCLI or PowerCLI, or by using
an API client.
n
Query the syslog conguration to make sure that the syslog server and port are valid.
See the vSphere Monitoring and Performance documentation for information about syslog setup, and for
additional information on ESXi log les.
Upload Logs Package to a VMware Service Request
If you already have a Service Request ID with VMware, you can use the vSphere Web Client to upload the
system log bundles directly to your service request.
Prerequisites
Request a Service Request ID from VMware Technical Support.
vSphere Monitoring and Performance
168 VMware, Inc.