vSphere ESXi Dump Collector

by Tommy Grot

When an issue or error occurs within the ESXi hypervisor, the ESXi Dump Collector sends the current state of the VMkernel memory: the core is dumped to the vCenter Server over the network. So if an ESXi host fails or gets compromised, there will be traces of syslog and other logs sent to the vCenter Server, which could be in the same organization's datacenter or reside somewhere else in the cloud.

Cyber Security Tip! – DISABLE SSH after you are done working with it. This is strongly recommended to harden the ESXi host and prevent cyber attacks against SSH (port 22).

The ESXi Dump Collector traffic is not encrypted, so best practice is to place it on an isolated VLAN that the internet and other networks cannot communicate with.

The first step is to log into VMware Server Management, also known as VAMI.


The login credentials for VAMI:

Username : root

Password : The password you set up during installation.

Once you are logged into VAMI, go to the Services section, then look for VMware vSphere ESXi Dump Collector.

Select it and click START.

After the VMware vSphere ESXi Dump Collector is started and running, log into your ESXi host(s) via SSH.

To enable SSH on the cluster, log in to your vCenter, then go to the ESXi host and click Configure -> System -> Services. You will see SSH; click on it and select START.

Once SSH has started, open up your favorite SSH tool; for this tutorial I am using PuTTY. You may download it here.

Then log into the ESXi host and execute a few commands to enable the ESXi host to offload the VMkernel logs to the vCenter Dump Collector.

esxcli system coredump network set --interface-name vmk0 --server (YOUR vCENTER IP) --server-port 6500
esxcli system coredump network set --enable true
esxcli system coredump network get

After all 3 commands have been executed with your specific vCenter IP, the final command gets the coredump network configuration and displays it in the SSH session. Once that is enabled, you will see the alert for ESXi core dumps go away, and logs are offloaded.
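A check of what the final command prints, as an added example (not part of the original post or VMware's tooling): it parses `esxcli system coredump network get` output and confirms that dumps are enabled and pointed at the intended collector over the intended VMkernel interface, which matters because the traffic is unencrypted. The sample outputs, their IP addresses and the function names are constructed for illustration; the field labels are assumed to match what your ESXi version prints.

```shell
#!/bin/sh
# Added example. The two samples are CONSTRUCTED, not captured from a real host;
# the field labels are assumed to match `esxcli system coredump network get`.
SAMPLE_OK='   Enabled: true
   Host VNic: vmk0
   Is Using IPv6: false
   Network Server IP: 192.0.2.10
   Network Server Port: 6500'

SAMPLE_BAD='   Enabled: false
   Host VNic: vmk0
   Is Using IPv6: false
   Network Server IP: 198.51.100.7
   Network Server Port: 6500'

# field <output> <label>: print the value after "<label>:", whitespace trimmed.
field() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# expect <output> <label> <wanted>: report a mismatch and return 1.
expect() {
    got=$(field "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL: $2 is '$got', expected '$3'"
    return 1
}

# check_netdump <output> <vmk> <collector_ip> <port>
# Returns 0 only if dumps are enabled and go to the intended collector over
# the intended VMkernel interface (the one on the isolated VLAN).
check_netdump() {
    rc=0
    expect "$1" 'Enabled' 'true' || rc=1
    expect "$1" 'Host VNic' "$2" || rc=1
    expect "$1" 'Network Server IP' "$3" || rc=1
    expect "$1" 'Network Server Port' "$4" || rc=1
    return $rc
}

# On a host: check_netdump "$(esxcli system coredump network get)" vmk0 <ip> 6500
check_netdump "$SAMPLE_OK" vmk0 192.0.2.10 6500 && echo "OK: dump target as expected"
check_netdump "$SAMPLE_BAD" vmk0 192.0.2.10 6500 || echo "review this host"
```

Run across every host after configuration, a non-zero return flags a host whose dumps are disabled or are being sent somewhere other than your collector.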
