ESXi support bundle fails to collect logs on NFS mounts with execute permissions

Article ID: 437245


Products

VMware vSphere ESXi 8.0

Issue/Introduction

ESXi support bundles (vm-support) fail to collect system logs when the scratch partition or Syslog.global.logDir is configured on specific NFS mounts. While the logs exist on the storage, they are absent from the resulting bundle, and datastore information under /vmfs/volumes may appear incomplete.

1. Running the vm-support command to generate a log bundle also results in incomplete log collection. 

2. Log collection from scratch partitions configured on VMFS datastores is successful.

Environment

VMware ESXi 

Cause

The NFS server is enforcing an Access Control List (ACL) or export policy that incorrectly applies the execute bit (x) to files created on the mount. The ESXi log collection utility is designed to skip any file with execute permissions to prevent the inadvertent collection of potentially malicious binaries.

By default, vmsyslogd does not create log files with execute permissions. The presence of the execute bit is an external attribute imposed by the NFS storage layer. Because the collection script cannot distinguish between a legitimate log file with incorrect permissions and a malicious executable, it defaults to skipping the file. This behavior is confirmed by the fact that relocating the log directory to a VMFS volume—where permissions are handled natively by ESXi without external ACL interference—resolves the collection failure.

Resolution

Adjust the NFS server configuration to ensure that files are not granted execute permissions by default.

1. Consult with the NFS Storage Administrator to review the ACLs and export policies for the NFS shares.

2. Modify the permissions so that files created by the ESXi hosts are restricted to Read/Write (RW) access.

3. If a temporary workaround is required, relocate the Syslog.global.logDir to a local or VMFS-backed datastore.

Once permissions are corrected, manually verify that ls -lah no longer shows the x bit on .log or .gz files.
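The verification step above can be scripted. The following is an added example, not code from the original article or from VMware: it lists every .log or .gz file under a directory that still carries an execute bit. It assumes a POSIX shell with find, ls and cut available, and it treats an execute bit for user, group or other as a finding; the function name and the directory argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article).
# Lists *.log and *.gz files under a log directory that still have an
# execute bit set, i.e. the files the article says the bundle skips.
# Assumption: user, group or other execute all count as a finding.

# find_exec_logs DIR
#   Prints "<mode> <path>" for each regular .log/.gz file with an x bit.
find_exec_logs() {
    dir=$1
    find "$dir" -type f \( -name '*.log' -o -name '*.gz' \) |
    while IFS= read -r f; do
        # First 10 characters of ls -l output are the type and mode,
        # e.g. -rwxr-xr-x. A trailing ACL marker (+ or .) is cut off.
        mode=$(ls -ld "$f" | cut -c1-10)
        # Characters 4, 7 and 10 are the user/group/other execute slots.
        # x = execute, s/t = setuid/setgid/sticky combined with execute.
        case $(printf '%s' "$mode" | cut -c4,7,10) in
            *[xst]*) printf '%s %s\n' "$mode" "$f" ;;
        esac
    done
}

# Stand-alone use: pass the log directory as the first argument,
# for example the path configured in Syslog.global.logDir.
if [ "$#" -gt 0 ]; then
    find_exec_logs "$1"
fi
```

An empty result means no matching file has an execute bit. Any line printed identifies a file whose permissions the NFS side still needs to correct.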