2

On ESXi Hypervisor, If I run a command on the terminal via SSH, the commands are logged in the shell.log file, i.e if i run this command

[root@esxi04:~] ls -la

then I can see this command in shell.log file as:

<164>2023-02-22T09:34:24.337Z test_host shell[68783]: [root]: ls -la

But If I use a shell script instead, like this

#!/bin/sh
echo "Test"
ls -la
find / -name "*.log" -exec /bin/rm -rf {} \;

and run this script, the commands executed are not logged in shell.log file.

Is there any way I can log all these commands run through shell script as well? How to do so?

Improve this question
5
  • Why are you running shell scripts on the CLI?
    – Chopper3
    Feb 23 at 9:33
  • I am looking into something and, this scenario popped up. I need to confirm whether it logs or not and if not how to log them.
    – Cool Guy
    Feb 23 at 9:42
  • ESXi is not a general purpose OS and shouldn't be used like one - there are APIs to achieve most if not all of your objectives, try to use it like it's supposed to be used.
    – Chopper3
    Feb 23 at 10:21
  • Well I saw a case where an attacker gained access to the ESXi and ran a malicious shell script. So, I'm trying to find the corresponding logs related to commands executed and also want to log them if not logged by default.
    – Cool Guy
    Feb 23 at 11:43
  • Just ensure that you management interface is well protected by firewall, set strong passwords, keep the patching up to date and disable the CLI - then they can't get to it anyway.
    – Chopper3
    Feb 23 at 12:34

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .