Although most configurations on ESXi are controlled via an API, there are a limited set of configuration files that are used directly to govern host behavior. These specific files are exposed with the vSphere HTTPS-based file transfer API. Tampering with these files has the potential to enable unauthorized access to the host configuration and virtual machines.

Any changes to these files should be correlated with an approved administrative action, such as an authorized configuration change.


Attempting to monitor files that are not exposed by the file-transfer API can destabilize the system.

View or retrieve configuration files using the managed object browser (MOB) or an API client such as vCLI or PowerCLI. These methods allow you to keep track of the files and their contents, which helps ensure that they are not improperly modified. Do not monitor log files and other files whose content is expected to change regularly. You should also account for configuration file changes that are due to deliberate administrative activity.


Not all of the files that are listed are modifiable.

Browse to https://<hostname>/host to view accessible configuration files.

You cannot browse to this URL if the managed object browser (MOB) is disabled. In that case, view or retrieve files with an API client such as vCLI or PowerCLI.