Log files are an important component of troubleshooting attacks and obtaining information about breaches of host security. Logging to a secure, centralized log server can help prevent log tampering. Remote logging also provides a long-term audit record.

Take the following measures to increase the security of the host.

Configure persistent logging to a datastore. By default, the logs on ESXi hosts are stored in the in-memory file system. Therefore, they are lost when you reboot the host, and only 24 hours of log data is stored. When you enable persistent logging, you have a dedicated record of server activity available for the host.

Remote logging to a central host allows you to gather log files onto a central host, where you can monitor all hosts with a single tool. You can also do aggregate analysis and searching of log data, which might reveal information about things like coordinated attacks on multiple hosts.

Configure remote secure syslog on ESXi hosts using a remote command line such as vCLI or PowerCLI, or using an API client.

Query the syslog configuration to make sure that a valid syslog server has been configured, including the correct port.