VMFS Recovery™
Recover data from damaged or formatted VMFS disks or VMDK files
Recover data from damaged or formatted VMFS disks or VMDK files
Last updated: May 06, 2024

Configuring the Location of VMware Logs on ESXi

VMware ESXi runs with log files that store different types of information. These log files are saved to a default directory the moment you install ESXi. But, you can change the directory if you wish – however, it’s an advanced action, and you should be very careful when doing such. In fact, you should create a backup before proceeding.

What are Virtual Machine Log Files?

Virtual machine log files are crucial for diagnosing problems, tracking system operations, and ensuring that everything runs smoothly. These logs capture a variety of information, including system performance, error messages, system access, and operational changes. Administrators rely on these files to perform audits and recover data in case of system failures or security breaches. Additionally, they provide valuable insights that can help in optimizing the performance and security of the virtual environment. Understanding and analyzing these logs can greatly enhance the management and operational integrity of virtual machines.

Where are ESXi logs located?

VMware ESXi logs are stored in different locations depending on the type of data they contain and how the ESXi host is configured. Here are some of the common directories where you can find the logs:

  1. 1. /var/log/: This is the primary directory for log files. Important log files in this directory include:

  • vmkernel.log: Records activities related to the virtual kernel, including device discovery, storage and networking operations, and VM startups.
  • vpxa.log: Contains logs related to VMware vCenter agent activities.
  • hostd.log: Logs for the host management service, documenting events related to management interface and tasks.
  • syslog.log: General messages and logs from the ESXi host.
  • /var/log/vmware/: This directory might also contain logs for various VMware services and components.
  1. 2. /scratch/log/: If a persistent scratch location is configured, ESXi logs are redirected here. This location is typically on a persistent storage like a hard disk or a boot USB device if there’s no dedicated local storage.

  2. 3. /vmfs/volumes/datastore1/: This directory can contain logs related to virtual machines, especially when the VM is configured to put logs in a specific datastore.

You can also view logs directly from the ESXi host client or the vSphere Client, or use command-line tools like esxcli to manage and view logs. Additionally, logs can be exported or redirected to a syslog server for centralized management and longer-term storage.

What about VMware virtual disk repair?

Viewing ESXi log file contents

To view the ESXi log files using the ESXi host client, follow these steps:

Step 1: Access the ESXi Host Client

  1. 1. Connect to your ESXi host by entering the IP address or hostname of your ESXi server into a web browser. You will need to use https:///ui to access the host client interface.
  2. 2. Log in with your administrator credentials.

Step 2: Navigate to Log Files

  1. 3. Once logged in, click on the "Host" tab which is typically found at the top of the screen.
  2. 4. In the navigation panel on the left, select "Monitor" and then click on "Logs". This will open a list of log files.

Step 3: View Log Files

  1. 5. You will see a list of log files such as vmkernel.log, hostd.log, vpxa.log, etc. Select the log file you wish to view by clicking on it.
  2. 6. The contents of the log file will be displayed on the right-hand side of the screen. You can browse through the log entries directly within the ESXi host client.

Step 4: Searching and Filtering Logs

  1. 7. Use the search box (if available) at the top of the log viewer to enter keywords or specific error messages you are looking for.
  2. 8. You can also filter by date and time to narrow down to logs from a specific period.

Additional Tips

  • Refresh the log view regularly if you are troubleshooting a live issue to get updated log entries.
  • For a more detailed analysis, consider downloading the log files to your local system. This can usually be done from the same interface by selecting the log file and clicking a download button or link.

Why to change the default location of VMware logs?

There are several reasons why you might choose to change the default location of VMware logs:

  • Storage Space Management: The default location for VMware logs is typically on the system partition, which can fill up quickly, especially on hosts with limited storage. Redirecting logs to a different partition or external storage helps prevent the system partition from becoming full, which could otherwise lead to system crashes or degraded performance.
  • Data Security: Storing logs in a more secure location can be crucial for compliance with security policies and regulations. Logs often contain sensitive information, and moving them to a secured storage area can help protect this data from unauthorized access.
  • System Performance: Writing logs can involve significant I/O operations. If the logs are stored on a storage device shared with critical applications, it can impact the overall performance of those applications. Moving log files to a less busy storage device can mitigate this impact.
  • Backup and Recovery: Centralizing log files in a specific location makes it easier to back them up and restore them if necessary. This is particularly important for VMware disaster recovery purposes, where logs can provide vital information about the state of the system before a failure occurred.
  • Ease of Management: Consolidating log files in a central location can simplify management, especially in environments with multiple ESXi hosts. Centralizing logs makes it easier to implement comprehensive monitoring and analysis tools.

Alter ESXi Log Location via Command Line

To change the location of the ESXi log files via the command line, you will primarily use the ESXi Shell or Secure Shell (SSH) to access your host. Here’s a step-by-step guide on how to do this:

Step 1: Enable ESXi Shell or SSH

If not already enabled, you need to turn on the ESXi Shell and SSH service on your host to allow command line access:

  • Log in to the Direct Console User Interface (DCUI) of your ESXi host.
  • Navigate to Troubleshooting Options and enable ESXi Shell and SSH.

Step 2: Access the Command Line

Use SSH client software (like PuTTY or the terminal on Linux/Mac) to connect to your ESXi host:

  • Open your SSH client.
  • Connect to the ESXi host using its IP address and log in with your credentials.

Step 3: Configure Syslog on ESXi

You can configure the syslog service to redirect the log files to a new location. Here’s how you can change the log location:

  • Check the current syslog configuration:
esxcli system syslog config get
  • Redirect the logs by setting a new directory or datastore:
esxcli system syslog config set --logdir=/vmfs/volumes/datastore1/new_log_directory
  • Replace /vmfs/volumes/datastore1/new_log_directory with your preferred log directory path.

Step 4: Reload Syslog Configuration

  • After changing the log directory, you need to reload the syslog service to apply the changes:
esxcli system syslog reload

Step 5: Verify the Changes

  • Confirm that the log directory has been updated:
esxcli system syslog config get
  • Check that logs are being written to the new location by viewing the contents of a log file:
tail -f /vmfs/volumes/datastore1/new_log_directory/vmkernel.log

Additional Considerations

  • Ensure the new log directory exists and has the correct permissions for the syslog service to write to it.
  • Persistent Scratch Location: For changes to be persistent across reboots, it’s a good idea to configure a persistent scratch location for ESXi, which is where the logs are stored if no separate log directory is specified.
  • Backup and Monitoring: Remember to update your backup and monitoring systems to include the new log file location.

Modify ESXi Log Location Through VMware vSphere Client

To modify the log file location of VMware ESXi through the VMware vSphere Client, follow these detailed steps. This method is useful for administrators who prefer a graphical user interface over command-line interactions.

Step 1: Connect to vCenter Server

  1. 1. Open your web browser and navigate to the vCenter Server by entering its IP address or domain name.
  2. 2. Log in with your administrator credentials to access the VMware vSphere Client.

Step 2: Access Host Settings

  1. 1. From the vSphere Client home screen, navigate to the Hosts and Clusters section.
  2. 2. Select the ESXi host for which you want to change the log location from the inventory tree on the left-hand side.
  3. 3. Click the Configure tab on the right-hand panel.

Step 3: Modify Advanced System Settings

  1. 1. Under the System category, find and click on Advanced System Settings.
  2. 2. Use the search bar to find the setting named Syslog.global.logDir. This setting determines the directory where logs are stored.

Step 4: Change the Log File Location

  1. 1. Select the Syslog.global.logDir setting and click the Edit button (pencil icon).
  2. 2. In the dialog box that appears, enter the new directory path in the Value field. The path format should be like [DatastoreName] directory_path/, where DatastoreName is the name of your datastore and directory_path/ is the path to your desired log directory. For example, [Datastore1] /logs/.
  3. 3. Click OK to save the changes.

Step 5: Restart Syslog Service

To apply the changes, you need to restart the syslog service on the ESXi host:

  1. 1. Navigate back to the Host home page by selecting the ESXi host in the inventory.
  2. 2. Go to the Actions menu, navigate to Services, and then select Restart Services.
  3. 3. Choose TSM-Syslog (or Syslog Service) from the list of services and confirm to restart it.

Step 6: Verify the Changes

To ensure that the logs are being written to the new location:

  1. 1. Return to the Advanced System Settings where you edited the Syslog.global.logDir.
  2. 2. Verify that the path is correctly updated.
  3. 3. Optionally, connect to the host via SSH and check the log files directly in the new location using a command like ls or tail to view the contents.

Additional Considerations

  • Ensure that the specified datastore has sufficient space and is accessible by the ESXi host.
  • Remember that changing the log location can affect scripts or monitoring tools that access these logs, so update those tools accordingly.
  • Keep in mind data protection and compliance requirements when moving log files to a new location.

Modifying ESXi Log Location in VMware Host Client

To modify the log file location of VMware ESXi through the VMware Host Client (the web interface accessible directly on the ESXi host itself), you can follow these steps. This is a practical approach when you're working directly on a single host without vCenter Server.

Step 1: Connect to the ESXi Host

  1. 1. Open a web browser and enter the IP address or hostname of your ESXi host to access the VMware Host Client.
  2. 2. Log in using your administrator credentials.

Step 2: Access System Settings

  1. 1. Once logged in, navigate to the Host section located at the top of the client interface.
  2. 2. Click on the Manage tab.

Step 3: Adjust Advanced System Settings

  1. 1. Under the System tab within the Manage section, find and select Advanced Settings.
  2. 2. Use the search function to look for the setting Syslog.global.logDir. This setting specifies the directory where the ESXi logs are stored.

Step 4: Edit the Log Location

  1. 1. Locate the Syslog.global.logDir setting and click the pencil icon to edit.
  2. 2. A dialog box will appear where you can change the value. You need to specify the new location in the format [DatastoreName] path/. For example, you might enter [Datastore1] /logs/ to store logs in a folder named logs on Datastore1.
  3. 3. After entering the new log directory, click Save to apply the changes.

Step 5: Restart Syslog Services

To ensure the changes take effect, you should restart the syslog services:

  1. 1. Navigate back to the main page by clicking on the Host tab.
  2. 2. Go to the Actions drop-down menu, select Services, and then Restart Services.
  3. 3. Find and restart the Syslog Service (or TSM-Syslog depending on the ESXi version) to apply the new settings.

Step 6: Verify the Changes

To confirm that logs are being written to the new location:

  1. 1. You can return to the Advanced Settings to ensure the Syslog.global.logDir setting reflects your changes.
  2. 2. Optionally, for immediate verification, open a console (via SSH or ESXi Shell) and check the new log directory using commands like ls or tail -f on one of the log files to see if new entries are being added.


  • Make sure that the specified directory exists on the datastore and that it has the appropriate permissions set.
  • The datastore you choose should have sufficient space to accommodate log files, as they can grow quickly, especially on busy systems.
  • If you are managing multiple ESXi hosts, consider standardizing the log file locations across all hosts to simplify management and troubleshooting.
Note: guide to VMware VMDK repair

Changing ESXi Log Location Using PowerCLI

Changing the ESXi log file location using VMware PowerCLI is an efficient way to manage logging settings across one or multiple hosts, whether they are managed individually or through vCenter. Below are the methods for each scenario.

Modify ESXi Log Location on a Standalone Host

Step 1: Connect to the ESXi Host

First, open PowerCLI and connect to your ESXi host:

Connect-VIServer -Server -User -Password

Step 2: Change the Log Directory

To change the log directory, use the Set-VMHostSysLogServer cmdlet:

Set-VMHostSysLogServer -SysLogServer -VMHost

Replace with your new log path, such as [Datastore1] /logs/.

Step 3: Restart Syslog Service

Restart the syslog service to apply the changes:

Get-VMHost | Get-VMHostService | Where {$_.Key -eq "TSM-Syslog"} | Restart-VMHostService

Step 4: Confirm the Change

Verify the new setting with:

Get-VMHostSysLogServer -VMHost

Adjusting ESXi Log Location for Multiple Hosts Without vCenter

Step 1: Connect to Each Host

Loop through each host to make the connection:

$hosts = @("Host1_IP", "Host2_IP", ...) foreach ($host in $hosts) { Connect-VIServer -Server $host -User -Password }

Step 2: Apply Changes

Apply the new log directory settings for each host:

foreach ($host in $hosts) { Set-VMHostSysLogServer -SysLogServer -VMHost $host Get-VMHost $host | Get-VMHostService | Where {$_.Key -eq "TSM-Syslog"} | Restart-VMHostService }

Step 3: Verify Changes

Check the settings for each host:

foreach ($host in $hosts) { Get-VMHostSysLogServer -VMHost $host }

Modifying ESXi Log Location for Multiple Hosts Using vCenter

Step 1: Connect to vCenter

Connect to your vCenter server:

Connect-VIServer -Server -User -Password

Step 2: Change Log Location for All Hosts

Retrieve all hosts and set the syslog server for each:

Get-VMHost | Set-VMHostSysLogServer -SysLogServer

Step 3: Restart Services

Restart the syslog service on all hosts:

Get-VMHost | Get-VMHostService | Where {$_.Key -eq "TSM-Syslog"} | Restart-VMHostService

Step 4: Confirm Changes

Confirm the log directory has been updated for all hosts:

Get-VMHost | Get-VMHostSysLogServer

These steps provide a streamlined method to modify ESXi log locations using PowerCLI, enabling efficient management across different setups, whether you're dealing with a single host or an entire cluster managed via vCenter.

How recover files in VMware on ESXi?

DiskInternals VMFS Recovery is a powerful tool designed to recover data from VMFS (Virtual Machine File System) drives used by VMware ESXi servers. This software can be very useful if you've lost data due to deletion, formatting, VM failure, or other scenarios. Here’s how to use DiskInternals VMFS Recovery to recover files in VMware on ESXi:

Step 1: Install DiskInternals VMFS Recovery

First, download and install DiskInternals VMFS Recovery on a Windows computer. It's important to perform recovery operations from a separate system to avoid overwriting data on the ESXi host.

Step 2: Connect to the ESXi Server

  1. 1. Launch DiskInternals VMFS Recovery.
  2. 2. Connect to the ESXi server hosting the datastores you want to recover from. You can connect either directly if the disks are locally attached to your Windows machine or over the network if they are on a remote ESXi server.
    • If connecting directly, ensure the disks from the ESXi host are properly connected to the machine where VMFS Recovery is installed.
    • If connecting over the network, you will need the IP address, and possibly credentials, to access the ESXi server.

Step 3: Scan the VMFS Drives

  1. 1. Choose the drive or partition that contains the VMFS file system.
  2. 2. Start the scanning process. DiskInternals VMFS Recovery will scan the selected VMFS drives for any recoverable data. This process can take some time depending on the size of the drives and the extent of the damage.

Step 4: Recover the Files

  1. 1. Browse the recovered files. After the scan, you can browse through the file system tree to locate the specific files or virtual machine disks (VMDKs) you want to recover.
  2. 2. Preview the files. VMFS Recovery allows you to preview recoverable files before saving them, which helps confirm the integrity of the data.
  3. 3. Save the recovered files to a safe location. Ensure you save them on a different drive to avoid potential data overwriting.

Step 5: Restore VMDK Files to ESXi Server

After recovering the VMDK files, you can upload them back to your ESXi server:

  1. 1. Use VMware vSphere Client to connect to your ESXi server.
  2. 2. Upload the VMDK files to the appropriate datastore.
  3. 3. Attach the VMDK files to the respective virtual machines or create new VMs using these VMDK files as disks.

Additional Tips

  • It’s crucial to act quickly and not write any new data to the VMFS volumes once you suspect data loss to prevent data overwriting.
  • If the VMFS system is severely corrupted, consider contacting professional data recovery services that specialize in VMFS.


In conclusion, managing and recovering data in VMware ESXi environments is crucial for maintaining the integrity and availability of virtualized systems. The location and management of ESXi log files are key aspects of system administration, providing valuable insights into system operations and helping in troubleshooting and performance optimization. Changing the log file locations through various interfaces like the ESXi host client, vSphere Client, and PowerCLI allows administrators to tailor log storage to meet specific needs related to security, performance, and compliance.

Furthermore, in the event of data loss, tools like DiskInternals VMFS Recovery offer a powerful solution for retrieving deleted or corrupted data. By understanding how to effectively configure and use these tools, administrators can ensure robust data protection and quick recovery capabilities, which are essential for minimizing downtime and maintaining continuous business operations.

Overall, these practices and tools play a vital role in the effective management of VMware environments, ensuring that they remain robust, secure, and resilient against various challenges that may arise in the management of virtual infrastructures.


  • Where can I find VM logs?

    VMware log file locations for Windows are found in the C:\ProgramData directory, within a folder specific to your application.

  • How do I pull vmware logs?

    Right-click on the vCenter Server instance and select Actions > Export System Logs.... Choose "Select hosts" to include logs from specific hosts in the export bundle. Then, click "Select logs" to specify which system logs to include in the export.

  • Where is vmware endpoint log?

    If you are using a SUSE-based vCenter Server appliance, you can find the logs in the /var/log/vmware/ directory.

  • How do I collect logs in ESXi?

    Choose an ESXi host or a vCenter object from the inventory. If an ESXi host is selected, logs will only be collected for that specific host. Then, right-click on the ESXi host and select "Export System Logs." If necessary, choose the "Gather performance data" option and set the duration and interval.

Related articles

FREE DOWNLOADVer 4.21, WinBUY NOWFrom $699

Please rate this article.
51 reviews