ESXi 5.0 host logs not found in /var/log


Article ID: 304894



VMware vSphere ESXi


This article provides a resolution for missing symbolic links in /var/log which point to /scratch/log.

  • On an ESXi 5.0 host, you do not find any log files in /var/log.
  • The vmsyslogd process is not running on the host.
  • You may not be able to scan a host for baseline compliance with vCenter Update Manager.


VMware vSphere ESXi 5.0


By default, logging is configured on an ESXi 5.0 host to log to /scratch/log, and symbolic links pointing to these files are located in /var/log. These symbolic links may not be created if the vmsyslogd process is not running on the host because it did not start successfully during a host reboot.

During the boot process, vmsyslogd reads the configuration file at /etc/vmsyslog.conf. If this configuration file has a syslog host configured, the logs are then output to the syslog server and not the local /scratch partition.

However, if the syslog server has been set up in error, or if the FQDN for the syslog host cannot be resolved by the ping command from the ESXi host, vmsyslogd will not start during a host reboot.


To resolve this issue, correct any syslog host configuration errors, or remove the syslog configuration on the ESXi host:
  • If a syslog host is being used for ESXi logging in the environment:

    1. Ensure that the DNS and server IP addresses are correct in the /etc/resolv.conf file.
    2. Ensure that you can vmkping the FQDN of the defined syslog host.

  • If a syslog host has been set up in error on the ESXi host:

    1. Remove the syslog host's FQDN:

      1. Using the vSphere Client, connect to the host directly or to the vCenter Server.
      2. Click the host's Configuration tab.
      3. Under Software, click Advanced Settings.
      4. Click syslog and delete the FQDN from the logHost field and click OK to commit the changes.

    2. Ensure that the changes have been successfully committed:

      1. Connect to the ESXi host via SSH. For more information, see Using ESXi Shell in ESXi 5.0 and 5.1 (2004746).
      2. View the contents of the vmsyslog.conf file by running the command:

        cat /etc/vmsyslog.conf

      3. Verify that there are no entries for the logHost under [vmsyslog].

        For example, the default vmsyslog.conf file pointing to a local /scratch partition for logging is similar to:


        [DEFAULT]
        size = 1024
        logdir_unique = false
        loghost = <none>
        rotate = 8
        logdir = <none>

        [vmsyslog]
        rotate = 8
        logdir = /scratch/log
        size = 1024

    3. Reboot the host to start the vmsyslogd process.
    4. After the host has rebooted, confirm that the vmsyslogd process is running:

      1. Connect to the ESXi host via SSH. For more information, see Using ESXi Shell in ESXi 5.0 and 5.1 (2004746).
      2. Run the command:

        ps | grep vmsyslogd

        Note: If the vmsyslogd process is running, you see lines echoed to the SSH session with corresponding PIDs. If the output is another blank command line, the process is not running.

    5. If the process is running, confirm that symbolic links for the logs to /scratch/log are present by running the command:

      ls -la /var/log

    6. Confirm that logging has resumed successfully by running the command:

      less /var/log/hostd.log

      Press Shift+G to go to the bottom of the less output, and observe the time stamp value. A very recent time stamp (within the last seconds to minutes) indicates that logging has resumed successfully on the host.
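
The verification steps above (no logHost entry under [vmsyslog], vmsyslogd running, symbolic links from /var/log into /scratch/log) collected into one script. This is an added example, not part of the original article and not VMware's code. It assumes awk and readlink are available in the ESXi Shell; the function names and the --host switch are hypothetical.

```shell
#!/bin/sh
# Added example, not VMware's code. Paths are arguments so the checks can be
# tried on constructed files; awk and readlink are assumed to be available.

# Print the value of KEY inside [SECTION] of an INI-style file (empty if absent).
conf_value() {  # usage: conf_value FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); cur = $0; next }
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (tolower(k) == tolower(key)) print v   # logHost and loghost both match
        }' "$1"
}

# True when a remote log host is set under [vmsyslog]; "<none>" counts as unset.
remote_loghost_set() {  # usage: remote_loghost_set FILE
    v=$(conf_value "$1" vmsyslog loghost)
    [ -n "$v" ] && [ "$v" != "<none>" ]
}

# Count symlinks in LOGDIR whose target lies under TARGET.
count_log_links() {  # usage: count_log_links LOGDIR TARGET
    n=0
    for f in "$1"/*; do
        [ -L "$f" ] || continue
        case "$(readlink "$f")" in "$2"/*) n=$((n + 1)) ;; esac
    done
    echo "$n"
}

# Run the checks against the live host; prints one line per finding.
report() {
    rc=0
    if remote_loghost_set /etc/vmsyslog.conf; then
        echo "INFO: remote loghost set; confirm its FQDN resolves with vmkping"
    fi
    ps | grep -v grep | grep -q vmsyslogd || { echo "FAIL: vmsyslogd is not running"; rc=1; }
    [ "$(count_log_links /var/log /scratch/log)" -gt 0 ] ||
        { echo "FAIL: no /var/log symlinks into /scratch/log"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: local logging looks healthy"
    return "$rc"
}

# Only touch the live host when asked to: sh check_logging.sh --host
if [ "${1:-}" = "--host" ]; then report; fi
```

A non-zero exit status from the --host run means the host is currently writing no local logs and the resolution steps above still apply.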

Additional Information

Using ESXi Shell in ESXi 5.x and 6.x