Here’s a quick a powerCLI script to set local datastore as persistent log location on ESXi.

This is part of the hardening requirement for vSphere which any security concerned customers are looking at implementing.


function ReturnLocalDatastore  ($vmhost)
	$data = $VMHost | Get-Datastore | Get-View | Select-Object  @{n="Name";e={$_.Name}}, @{n="Multi-Access";e={$_.Summary.MultipleHostAccess}} |  where {$_."Multi-Access" -eq $false} 
	return $data.Name

foreach ($VMHost in Get-VMHost)
	$currentSetting =  Get-AdvancedSetting -Entity $VMHost -Name "Syslog.global.logDir"
	if ($currentSetting.value -eq "[] /scratch/log")
		$VMHostName = $VMHost.Name.Split('.')
		$localDS = ReturnLocalDatastore -VMHost $vmhost
		$VMHostDatastore = "[$localDS] /systemlogs"
		Write-Host " Setting  [ $vmhost ]  persistent log to: [ $VMHostDatastore ]"
		Get-AdvancedSetting -Entity $VMHost -Name "Syslog.global.logDir" | Set-AdvancedSetting -Value $VMHostDatastore -Confirm:$false

