ESXCLI Commands

ESXCLI Commands

esxcli system Commands

Command Description Options Help
system account add Create a new local user account.
--description | -d
User description, e.g. full name.
--id | -i
User ID, e.g. "administrator". (required)
--password | -p
User password. (secret)
--password-confirmation | -c
Password confirmation. Required if password is specified. (secret)
--shell-access | -s
Whether the user is allowed shell access if they have the appropriate administrator privileges. Default value is true for new users, unless overridden by host configuration settings.
Show the help message.
system account list List local user accounts.
Show the help message.
system account remove Remove an existing local user account.
--id | -i
ID of user to be removed. (required)
Show the help message.
system account set Modify an existing local user account.
--description | -d
User description, e.g. full name.
--id | -i
User ID, e.g. "administrator". (required)
--password | -p
User password. (secret)
--password-confirmation | -c
Password confirmation. Required if password is specified. (secret)
--shell-access | -s
Whether the user is allowed shell access if they have the appropriate administrator privileges.
Show the help message.
system auditrecords get Audit record configuration settings.
Show the help message.
system auditrecords local disable Disable audit record storage.
Show the help message.
system auditrecords local enable Enable audit record storage.
Show the help message.
system auditrecords local set Set audit record storage configuration options.
The directory to use for audit record storage. If not specified, /scratch/auditLog is used. The directory must be within a persistent file system.
Reset param value to default.
The audit record storage capacity (in MiB). If not specified, 4 is used.
Show the help message.
system auditrecords remote disable Disable transmitting audit records to remote hosts.
Show the help message.
system auditrecords remote enable Enable transmitting audit records to remote hosts.
Show the help message.
system boot device get Get the systems boot device.
Show the help message.
system clock get Display the current system clock parameters.
Show the help message.
system clock set Set system clock parameters.
--max-neg-phase | -n
max negative phase correction
--max-phase-corrections | -m
max number of phase corrections
--max-pos-phase | -p
max positive phase correction
Show the help message.
system coredump file add Create a VMkernel Dump VMFS file for this system.
--auto | -a
Automatically create a file if none found and autoCreateDumpFile kernel option is set.
--datastore | -d
Manually specify the datastore the Dump File is created in. If not provided, a datastore of sufficient size will be automatically chosen.
--enable | -e
Enable diagnostic file after creation.
--file | -f
Manually specify the file name of the created Dump File. If not provided, a unique name will be chosen.
--size | -s
Manually set the size in MB of the created Dump File. If not provided, a default size for the current machine will be calculated.
Show the help message.
system coredump file get Get the dump file path. This command will print the path to the active and/or configured VMFS Dump File.
Show the help message.
system coredump file list List the active and configured VMFS Diagnostic Files.
Show the help message.
system coredump file remove Remove a VMkernel Dump VMFS file from this system.
--file | -f
Specify the file name of the Dump File to be removed. If not given, the configured dump file will be removed.
--force | -F
Deactivate and unconfigure the dump file being removed. This option is required if the file is active.
Show the help message.
system coredump file set Set the active and configured VMkernel Dump VMFS file for this system.
--enable | -e
Enable or disable the VMkernel dump file. This option cannot be specified when unconfiguring the dump file.
--path | -p
The path of the VMFS Dump File to use. This must be a pre-allocated file.
--smart | -s
This flag can be used only with --enable=true. It will cause the file to be selected using the smart selection algorithm.
--unconfigure | -u
Unconfigure the current VMFS Dump file.
Show the help message.
system coredump network check Check the status of the configured network dump server
Show the help message.
system coredump network get Get the currently configured parameters for network coredump, if enabled.
Show the help message.
system coredump network set Set the parameters used for network core dump
--enable | -e
Enable network dump. This option cannot be specified when setting the dump parameters below.
--interface-name | -v
An active interface to be used for the network core dump. Required option when setting dump parameters.
--server-ip | -j
IP address of the core dump server (IPv4 or IPv6). Required when setting dump parameters.
--server-ipv4 | -i
IPv4 address of the core dump server.(deprecated, use -j|--server-ip instead)
--server-port | -o
Port on which the core dump server is listening. (Optional)
Show the help message.
system coredump partition get Get one of the dump partition configured values. This command will print either the active dump partition or the configured dump partition depending on the flags passed.
Show the help message.
system coredump partition list List all of the partitions on the system that have a partition type matching the VMware Core partition type. Also indicate which partition, if any, is being used as the system's dump partition and which is configured to be used at next boot.
Show the help message.
system coredump partition set Set the specific VMkernel dump partition for this system. This will configure the dump partition for the next boot. This command will change the active dump partition to the partition specified.
--enable | -e
Enable or disable the VMkernel dump partition. This option cannot be specified when setting or unconfiguring the dump partition.
--partition | -p
The name of the partition to use. This should be a device name with a partition number at the end. Example: naa.xxxxx:1
--smart | -s
This flag can be used only with --enable=true. It will cause the best available partition to be selected using the smart selection algorithm.
--unconfigure | -u
Set the dump partition into an unconfigured state. This will remove the current configured dump partition for the next boot. This will result in the smart activate algorithm being used at the next boot.
Show the help message.
system entropyd get Get configuration settings of entropyd.
Get default values instead of current values.
Show the help message.
system entropyd set Set the entropyd config parameters.
External entropy lost timeout in seconds.
Memory cache low water mark in percentage.
Memory cache size in KiB.
Reset all parameters to their default values.
Storage cache size in KiB.
Show the help message.
system health report get Displays one or more health reports
Retrieve all the health reports. The default behavior is to retrieve only the latest health report.
--filename | -f
The absolute path on the ESXi host where the health report(s) should be copied. If multiple reports are specified, they will be concatenated to this file.
--report-names | -r
Specifies one or more health reports to display. The name(s) of the report can be obtained from the 'esxcli system health report list' command. (required)
Show the help message.
system health report list List all the health reports currently generated.
Show the help message.
system hostname get Get the host, domain or fully qualified name of the ESX host.
Show the help message.
system hostname set This command allows the user to set the hostname, domain name or fully qualified domain name of the ESX host.
--domain | -d
The domain name to set for the ESX host. This option is mutually exclusive with the --fqdn option.
--fqdn | -f
Set the fully qualified domain name of the ESX host.
--host | -H
The host name to set for the ESX host. This name should not contain the DNS domain name of the host and can only contain letters, numbers and '-'. NOTE this is not the fully qualified name, that can be set with the --fqdn option. This option is mutually exclusive with the --fqdn option.
Show the help message.
system maintenanceMode get Get the maintenance mode state of the system.
Show the help message.
system maintenanceMode set Enable or disable the maintenance mode of the system.
--enable | -e
Maintenance mode state. (required)
--timeout | -t
Timeout in seconds to wait for entering the new state. Zero (default) means no timeout. The host will enter maintenance mode when there are no running virtual machines on the host. The user is required to power off or evacuate them. This includes vSphere Cluster Service VMs which may be running on the host if it is part of a vSphere cluster. Exiting maintenance mode is done when there are no running mainenance operations.
--vsanmode | -m
Action the VSAN service must take before the host can enter maintenance mode (default ensureObjectAccessibility). Allowed values are:
ensureObjectAccessibility: Evacuate data from the disk to ensure object accessibility in the vSAN cluster, before entering maintenance mode.
evacuateAllData: Evacuate all data from the disk before entering maintenance mode.
noAction: Do not move vSAN data out of the disk before entering maintenance mode.
Show the help message.
system module get Show information for a VMkernel module.
--module | -m
The name of the VMkernel module. (required)
Show the help message.
system module list List the VMkernel modules that the system knows about.
--enabled | -e
List the enabled / disabled VMkernel modules and device drivers.
--loaded | -l
List the loaded / not loaded VMkernel modules and device drivers.
Show the help message.
system module load Load a VMkernel module with the given name if it is enabled. If the module is disabled then the use of --force is required to load the module.
--force | -f
Ignore the enabled/disabled state of this module and force it to load.
--module | -m
The name of the VMkernel module to load. (required)
Show the help message.
system module set Allow enabling and disabling of a VMkernel module.
--enabled | -e
Set to true to enable the module, set to false to disable the module. (required)
--force | -f
Skip VMkernel module validity checks and set options for a module (or alias) with the given name.
--module | -m
The name of the VMkernel module to set options for. (required)
Show the help message.
system module parameters clear Clear the load time parameters for a given VMkernel module.
--force | -f
Skip VMkernel module validity checks and clear configuration anyway.
--module | -m
The name of the VMkernel module to clear parameters for. (required)
Show the help message.
system module parameters copy Copy the load time parameters from one VMkernel module to another.
--force | -f
Skip VMkernel module validity checks for the source VMkernel module.
--parameter-keys | -p
Parameter key that should get copied. (required)
--source | -s
The name of the source VMkernel module. (required)
--target | -t
The name of the target VMkernel module. (required)
Show the help message.
system module parameters list List the parameters, a descriptions of each parameter supported for a given module name and the user defined value for each parameter.
--module | -m
The name of the VMkernel module to get the option string for. (required)
Show the help message.
system module parameters set Set the load time parameters for the given VMkernel module.
--append | -a
Append the specified parameter string to the currently configured parameter string for the VMkernel module. If --append is not specified, the parameter string currently configured for the VMkernel module will be replaced by the specified parameter string.
--force | -f
Skip VMkernel module validity checks and set parameters for a module (or alias) with the given name.
--module | -m
The name of the VMkernel module to set parameters for. (required)
--parameter-string | -p
The string containing the parameters for this module. (required)
Show the help message.
system ntp get Display Network Time Protocol configuration
--server-names | -s
List server hostname only. Default is to list both hostname and any options.
Show the help message.
system ntp set Configures the ESX Network Time Protocol agent.
--enabled | -e
Start or stop ntpd. Values: [yes|no, true|false, 0|1]
--file | -f
Specify an absolute path to text file containing NTP configuration commands to load into ESXi NTP configuration.
--loglevel | -l
Syslog logging level:
debug: Most detailed logging level.
error: Least detailed logging, Reports only errors.
info: Reports normal actions in addition to warnings, events.
warning: Reports only warnings or errors.
--reset | -r
Restore the NTP configuration to factory defaults.
--server | -s
Provide one or more NTP servers as a fully qualified domain name or IP address.
Show the help message.
system ntp test Verify operational status of ESX NTP service.
Show the help message.
system ntp config get Display Network Time Protocol configuration.
Show the help message.
system ntp stats get Report operational state of Network Time Protocol Daemon
Show the help message.
system partialMaintenanceMode list Get the partial maintenance mode state of the system.
Show the help message.
system partialMaintenanceMode set Change partial maintenance mode.
--enable | -e
Desired partial maintenance mode state. (required)
--id | -i
Partial maintenance mode identifier. (required)
--timeout | -t
Timeout in seconds to wait for entering the new state. The host will enter/exit partial maintenance mode when the required conditions are met based on the specifics of the partial maintenance mode itself.
Show the help message.
system permission list List permissions defined on the host.
Show the help message.
system permission set Set permission for a user or group.
--group | -g
Specifies that the supplied ID refers to a group. ESXi local groups are not supported.
--id | -i
ID of user or group. Domain users or groups should be specified as "DOMAIN\user_name" or "DOMAIN\group_name". (required)
--role | -r
Name of role that specifies user access rights.
Admin: Full access rights
NoAccess: Used for restricting granted access. E.g. to deny access for some user whose group already has access.
ReadOnly: See details of objects, but not make changes
Show the help message.
system permission unset Remove permission for a user or group.
--group | -g
Specifies that the supplied ID refers to a group.
--id | -i
ID of user or group. (required)
Show the help message.
system process list List the VMkernel UserWorld processes currently on the host.
Show the help message.
system process stats load get System load average over the last 1, 5 and 15 minutes.
Show the help message.
system process stats running get Number of currently running processes.
Show the help message.
system ptp get Display Precision Time Protocol configuration
Show the help message.
system ptp set Configures the ESX Precision Time Protocol agent.
--device | -d
Name of network device to be used with PTP service.
--device-type | -T
Type of network device to be used with PTP service: [vmknic, pcipassthru, none]
PTP domain number (0-255).
--enabled | -e
Enable or disable PTP agent. Values: [yes|no, true|false, 0|1]
--fallback | -b
Allow PTP on failure to fall back to NTP service (Non-revertive). Values: [yes|no, true|false, 0|1]
--ipv4-address | -I
Static IPv4 address for the network device.
--ipv4-netmask | -N
Static IPv4 netmask for the network device.
--ipv4-type | -t
Type of IPv4 address for the network device: [dhcp, static, none]
--loglevel | -l
Syslog logging level: [debug, info, warning, error].
--reset | -r
Restore the PTP configuration to factory defaults.
--restart | -R
Restart PTP agent with current config.
Show the help message.
system ptp test Verify operational status of ESX PTP service.
Show the help message.
system ptp stats get Report operational state of Precision Time Protocol Daemon
Show the help message.
system secpolicy domain list List the enforcement level for each domain.
Show the help message.
system secpolicy domain set Set the enforcement level for a domain in the system. Any option specified here is not persistent and will not survive a reboot of the system.
--all-domains | -a
All domains.
--level | -l
The enforcement level. (required)
--name | -n
The domain name.
Show the help message.
system security certificatestore add Add a new CA certificate to the CA certificate store.
--filename | -f
Absolute path to certificate file in PEM format, located on the ESXi host. (required)
Show the help message.
system security certificatestore list List all certificates in the CA certificate store.
Show the help message.
system security certificatestore remove Remove a certificate from the CA certificate store.
--filename | -f
Absolute path to the file in PEM format, located on the ESXi host, describing the certificate to be removed.
--issuer | -i
Issuer name of the certificate to be removed. Also requires --serial.
--serial | -s
Serial number of the certificate to be removed. Also requires --issuer.
Show the help message.
system security fips140 ssh get Get FIPS140 mode of ssh.
Show the help message.
system security fips140 ssh set Set FIPS140 mode of ssh.
--enable | -e
Enable/disable FIPS140 mode for ssh. (required)
Show the help message.
system security keypersistence disable Disable key persistence.
Confirm deletion of all stored keys. This confirmation is required.
Show the help message.
system security keypersistence enable Enable key persistence.
Show the help message.
system security keypersistence get Get the status of key persistence.
Show the help message.
system settings advanced add Add a user defined advanced option to the /UserVars/ advanced option tree.
--description | -d
Description of the new option. (required)
--hidden | -H
Whether the option is hidden.
--host-specific | -O
This indicates that the value of this option is always unique to a host.
--impact | -I
This specifies the impact on the host when the value of the option is modified:
maintenance-mode: This indicates that the host must be in maintenance mode before the option value is modified.
reboot: This indicates that the host must be rebooted for the option value to take effect.
--int-default | -i
The default value of the new option (integer option only, required).
--max | -M
The maximum allowed value (integer option only, required).
--min | -m
The minimum allowed value (integer option only, required).
--option | -o
The name of the new option. Valid characters: letters, digits and underscore. (required)
--string-default | -s
The default value of the new option (string option only). An empty string is assumed if not specified.
--type | -t
The type of the new option. Supported values:
integer: Advanced option with integer value.
string: Advanced option with string value.
Show the help message.
system settings advanced list List the advanced options available from the VMkernel.
--delta | -d
Only display options whose values differ from their default.
--option | -o
Only get the information for a single VMkernel advanced option.
--tree | -t
Limit the list of advanced option to a specific sub tree.
Show the help message.
system settings advanced remove Remove a user defined advanced option from the /UserVars/ advanced option tree.
--option | -o
The name of the option to remove (without the /UserVars/ prefix as it is implied). (required)
Show the help message.
system settings advanced set Set the value of an advanced option.
--default | -d
Reset the option to its default value.
--int-value | -i
If the option is an integer value use this option.
--option | -o
The name of the option to set the value of. Example: "/Misc/HostName" (required)
--string-value | -s
If the option is a string use this option.
Show the help message.
system settings encryption get Get the encryption mode and policy.
Show the help message.
system settings encryption set Set the encryption mode and policy.
--mode | -m
Set the encryption mode.
--require-exec-installed-only | -e
Require executables to be loaded only from installed VIBs.
--require-secure-boot | -s
Require secure boot.
Show the help message.
system settings encryption recovery list List recovery keys.
Show the help message.
system settings encryption recovery rotate Rotate the recover key.
--keyid | -k
The ID of the new recovery key. If no value is specified, the system will generate a new key.
--uuid | -u
The UUID of the recovery key to be rotated. (required)
Show the help message.
system settings gueststore repository get Get GuestStore repository.
Show the help message.
system settings gueststore repository set Set or clear GuestStore repository.
URL of a repository to set; to clear GuestStore repository, set --url "" (required)
Show the help message.
system settings kernel list List VMkernel kernel settings.
--delta | -d
Only display options whose values differ from their default.
--option | -o
The name of the VMkernel kernel setting to get.
Show the help message.
system settings kernel set Set a VMKernel setting.
--setting | -s
The name of the VMKernel setting to set. (required)
--value | -v
The value to set the setting to. (required)
Show the help message.
system settings keyboard layout get Get the keyboard layout
Show the help message.
system settings keyboard layout list List the keyboard layout
Show the help message.
system settings keyboard layout set Set the keyboard layout
--layout | -l
The name of the layout to set
Only apply this layout for the current boot
Show the help message.
system shutdown poweroff Power off the system. The host must be in maintenance mode.
--delay | -d
Delay interval in seconds
--reason | -r
Reason for performing the operation (required)
Show the help message.
system shutdown reboot Reboot the system. The host must be in maintenance mode.
--delay | -d
Delay interval in seconds
--reason | -r
Reason for performing the operation (required)
Show the help message.
system slp get Get SLP Agent configuration.
Show the help message.
system slp search Perform SLP search for neighboring services
--node | -n
Optional, host FQDN or IP address to connect to. Use -P to control protocol used.
--port | -p
Optional, override the default port value 427.
--protocol | -P
Optional, override unicast protocol: [tcp, udp], default tcp, requires -n.
--service | -s
Optional, the service name to search for. Defaults to 'service-agent'.
Show the help message.
system slp set Configure ESX SLP agent.
--enable | -e
Start or stop SLP service. Values: [yes|no, true|false, 0|1]. (required)
Show the help message.
system slp stats get Report operational state of Service Location Protocol Daemon
Show the help message.
system snmp get Get SNMP Agent configuration
Show the help message.
system snmp hash Generate localized hash values based on this agents snmp engine id.
--auth-hash | -A
Secret to use when generating authentication hash. This should be a filename unless --raw-secret is specified. The authentication hash is used in the --users option of 'esxcli system snmp set' (required secret)
--priv-hash | -X
Secret to use when generating privacy hash. This should be a filename unless --raw-secret is specified. The privacy hash is used in the --users option of 'esxcli system snmp set'. (secret)
--raw-secret | -r
Make --auth-hash and --priv-hash options read raw secret from command line instead of file.
Show the help message.
system snmp set This command allows the user to set up ESX SNMP agent.
--authentication | -a
Set default authentication protocol. Supported values:
SHA1: SHA1 auth protocol used for authentication.
none: No authentication.
reset: Resets the param value to default.
--communities | -c
Set up to ten communities each no more than 64 characters. Format is: community1[,community2,...] (this overwrites previous settings). Use value 'reset' to set the paramter value to default.
--enable | -e
Start or stop SNMP service. Values: [yes|no, true|false, 0|1].
--engineid | -E
Set SNMPv3 engine id. Must be at least 10 to 32 hexadecimal characters. 0x or 0X is stripped if found as well as colons (:)
--hwsrc | -y
Where to source hardware events from, IPMI sensors or CIM Indications. One of:
indications: source hardware events from CIM Indications.
sensors: source hardware events from IPMI sensors.
--largestorage | -s
Support large storage for hrStorageAllocationUnits * hrStorageSize. Values: [yes|no, true|false, 0|1]. Control how the agent reports hrStorageAllocationUnits, hrStorageSize and hrStorageUsed in hrStorageTable. Setting this directive to 1 to supportlarge storage with small allocation units, the agent re-calculates these values so they all fit Integer32 and hrStorageAllocationUnits * hrStorageSize gives real size of the storage. ( Note: hrStorageAllocationUnits will not be real allocation units if real hrStorageSize won't fit into Integer32 ). Setting this directive to 0 turns off this calculation and the agent reports real hrStorageAllocationUnits, but it might report wrong hrStorageSize for large storage because the value won't fit into Integer32.
--loglevel | -l
System Agent syslog logging level:
debug: Most detailed logging level.
error: Least detailed logging, Reports only errors.
info: Reports normal actions in addition to warnings, events.
warning: Reports only warnings or errors.
--notraps | -n
Comma separated list of trap oids for traps not to be sent by agent. Use value 'reset' to set the paramter value to default.
--port | -p
Set UDP port to poll snmp agent on. The default is udp/161. May not use ports 32768 to 40959
--privacy | -x
Set default privacy protocol. Supported Values:
AES128: AES128 priv protocol used for encryption.
none: No encryption.
reset: Resets the param value to default.
--remote-users | -R
Set up to five inform user ids. Format is: user/auth-proto/-|auth-hash/priv-proto/-|priv-hash/engine-id[,...] where user is 32 chars max. auth-proto is none|SHA1, priv-proto is none|AES. '-' indicates no hash. engine-id is hex string '0x0-9a-f' up to 32 chars max. Use value 'reset' to set the paramter value to default.
--reset | -r
Return agent configuration to factory defaults.
--syscontact | -C
System contact string as presented in sysContact.0. Up to 255 characters.
--syslocation | -L
System location string as presented in sysLocation.0. Up to 255 characters.
--targets | -t
Set up to three targets to send SNMPv1 traps to. Format is: ip-or-hostname[@port]/community[,...]. The default port is udp/162. (this overwrites previous settings) Use value 'reset' to set the paramter value to default.
--users | -u
Set up to five local users. Format is: user/-|auth-hash/-|priv-hash/model[,...] where user is 32 chars max. '-' indicates no hash. Model is one of (none|auth|priv). Use value 'reset' to set the paramter value to default.
--v3targets | -i
Set up to three SNMPv3 notification targets. Format is: ip-or-hostname[@port]/remote-user/security-level/trap|inform[,...]. Use value 'reset' to set the paramter value to default.
Show the help message.
system snmp test Verify ESX SNMP notifications can be delivered to target destinations.
--auth-hash | -A
Optionally test authentication secret generates matching hash for user
--priv-hash | -X
Optionally test privacy secret generates matching hash for user
--raw-secret | -r
Make -A and -X flags read raw secret from command line instead of file.
--user | -u
Validate a given SNMPv3 user name exists
Show the help message.
system ssh client config list List SSH client's configuration settings.
--keyword | -k
Show the information only for the specified keyword.
Show the help message.
system ssh client config set Set SSH client configuration.
--keyword | -k
Specify the name of the configurable property.
--reset | -r
Restore all configurable properties, or only the property specified with -k, to factory defaults.
--value | -v
Specify the new value of the configurable property.
Show the help message.
system ssh key add Add new SSH authorized keys.
--auth-key | -k
SSH public key to be added. (required)
--username | -u
Username to add SSH authorized keys for. (required)
Show the help message.
system ssh key list List SSH authorized keys.
--username | -u
List SSH authorized keys for the specified user.
Show the help message.
system ssh key remove Remove SSH authorized keys.
--auth-key | -k
SSH public key to be removed. If this option is not specified then all keys of the user will be deleted.
--username | -u
Username to remove SSH authorized keys for. (required)
Show the help message.
system ssh server config list List SSH server's configuration settings.
--all | -a
List all possible properties of SSH server.
--keyword | -k
Show the information only for the specified keyword.
Show the help message.
system ssh server config set Set SSH server configuration.
--keyword | -k
Name of the configuration property to be changed.
--reset | -r
Restore all configurable properties, or only the property specified with -k, to factory defaults.
--value | -v
Specify the new value of the configurable property.
Show the help message.
system ssh version get Show the version of SSH.
Show the help message.
system stats installtime get Display the date and time when this system was first installed. Value will not change on subsequent updates.
Show the help message.
system stats uptime get Display the number of microseconds the system has been running.
Show the help message.
system syslog mark Issue a message to all outputs.
--message | -s
The message to issue. (required)
Show the help message.
system syslog reload Reload the log daemon to apply any new configuration options.
Show the help message.
system syslog config get Show the current global configuration values.
Show the help message.
system syslog config set Set syslog daemon configuration options.
Verify remote SSL certificates against the local CA Store.
Check the revocation status of all the certificates in an SSL certificate chain.
Number of older log files to keep.
Size of each log file before switching to a new one (in KiB).
Delay before retrying to connect to a remote host after a connection attempt has failed (in seconds).
Number of older dropped message log files to keep.
Size of each dropped message log file before switching to a new one (in KiB).
The directory to output local logs to.
Place logs in a unique subdirectory of logdir, based on hostname.
Comma (,) separated list of remote hosts to transmit messages to. Format is: protocol://target[:port][?formatter=value[&framing=value]]. Protocol must be one of (tcp | udp | ssl). Target must be one of (hostname | IPV4 | IPV6). When an IPV6 address is specified, it must be embedded in square brackets ([xxx]). If a port is not provided, udp and tcp will use 514; ssl will use 1514. Formatter must be one of (RFC_3164 | RFC_5424). Framing must be one of (octet_counting | non_transparent). The default formatter is RFC 3164; the default framing is non_transparent.
--log-level | -l
Syslog daemon logging level. This should only be changed when troubleshooting an issue with the syslog daemon. Values may be 'debug' (most detailed level), 'info' (default detail level), 'warning' (only warnings or errors), or 'error' (only errors).
Message queue capacity after which messages are dropped (as a percentage).
Maximum remote host transmission length (in bytes) when using the TCP and TLS (SSL) protocols. Messages longer than this will truncated.
Reset param value to default.
Allow the logging and audit record storage directories to be placed on a VSAN. WARNING! Enabling this parameter may cause ESXi to hang.
Strict X.509 compliance when checking SSL certificates.
Show the help message.
system syslog config logfilter add Add a log filter.
--filter | -f
The filter to be added. Format is: numLogs | ident | logRegexp. 'numLogs' sets the maximum number of log entries for the specified log messages. After reaching this number, the specified log messages are filtered and ignored. 'ident' specifies one or more system components to apply the filter to the log messages that these components generate. 'logRegexp' specifies a case-sensitive phrase with Python regular expression syntax to filter the log messages by their content. (required)
Show the help message.
system syslog config logfilter get Show the current log filter configuration values.
Show the help message.
system syslog config logfilter list Show the added log filters.
Show the help message.
system syslog config logfilter remove Remove a log filter.
--filter | -f
The filter to be removed. (required)
Show the help message.
system syslog config logfilter set Set log filtering configuration options.
Enable or disable log filtering. (required)
Show the help message.
system syslog config logger list Show the currently configured sub-loggers.
Show information only for the specified logger.
Show the help message.
system syslog config logger set Set configuration options for a specific sub-logger.
The ID of the logger to configure. (required)
Reset param value to default.
Number of rotated logs to keep for a specific logger.
Set size of logs before rotation for a specific logger, in KiB.
Show the help message.
system tierdevice create Create a new tier device partition.
--nvmedevice | -d
Specifies the name of the NVMe device to be used for tiering (required)
Show the help message.
system tierdevice delete Delete an already present tier device partition.
--nvmedevice | -d
Specifies the name of the NVMe device to be used for tiering (required)
Show the help message.
system tierdevice list List all SSDs with a tier device partition.
Show the help message.
system time get Display the current system time.
Show the help message.
system time set Set the system clock time. Any missing parameters will default to the current time
--day | -d
--hour | -H
--min | -m
--month | -M
--sec | -s
--year | -y
Show the help message.
system tls client get Get TLS client profile name and values.
--show-current-boot-profile | -c
Show current values for TLS profile. If unspecified, show values for TLS profile for next boot.
--show-profile-defaults | -s
Show default values for supported TLS profiles. For 'MANUAL' profile, the values are always shown.
Show the help message.
system tls client set Set TLS client profile name and values. The system must be rebooted for the new configuration to take effect.
--cipher-list | -c
Specify the list of ciphers in OpenSSL format.
--cipher-suite | -s
Specify the cipher suites in OpenSSL format.
--groups | -g
Specify the groups in OpenSSL format.
--profile | -p
Specify profile name from values below. When this parameter is not present, command succeeds only if current profile is MANUAL.
COMPATIBLE: A TLS profile that is compatible across all supported products and versions. This is the default profile.
MANUAL: A TLS profile that allows parameters to be specified manually at the host level and, in some cases, at the service level.
--protocol-versions | -v
Specify the protocol versions in OpenSSL format.
Show the help message.
system tls server get Get TLS server profile name and values.
--show-current-boot-profile | -c
Show current values for TLS profile. If unspecified, show values for TLS profile for next boot.
--show-profile-defaults | -s
Show default values for supported TLS profiles. For 'MANUAL' profile, the values are always shown.
Show the help message.
system tls server set Set TLS server profile name and values. The system must be rebooted for the new configuration to take effect.
--cipher-list | -c
Specify the list of ciphers in OpenSSL format.
--cipher-suite | -s
Specify the cipher suites in OpenSSL format.
--groups | -g
Specify the groups in OpenSSL format.
--profile | -p
Specify profile name from values below. When this parameter is not present, command succeeds only if current profile is MANUAL.
COMPATIBLE: A TLS profile that is compatible across all supported products and versions. This is the default profile.
MANUAL: A TLS profile that allows parameters to be specified manually at the host level and, in some cases, at the service level.
NIST_2024: A more restrictive TLS profile that meets NIST 2024 standards by allowing only AES-GCM ciphers
--protocol-versions | -v
Specify the protocol versions in OpenSSL format.
Show the help message.
system uuid get Get the system UUID.
Show the help message.
system version get Display the product name, version and build information.
--alternate | -a
Report version of software image in alternate boot bank if any.
Show the help message.
system visorfs get Obtain status information on the memory filesystem as a whole.
Show the help message.
system visorfs ramdisk add Add a new Visorfs RAM disk to the ESXi Host and mount it.
--max-size | -M
Maximum size (max reservation in MiB) (required)
--min-size | -m
Minimum size (min reservation in MiB) (required)
--name | -n
Name for the ramdisk (required)
--permissions | -p
Permissions for the root of the ramdisk (mode) (required)
--target | -t
Mountpoint for the ramdisk (absolute path) (required)
Show the help message.
system visorfs ramdisk list List the RAM disks used by the host.
Show the help message.
system visorfs ramdisk remove Remove a Visorfs RAM disk from the ESXi Host.
--target | -t
Mountpoint for the ramdisk (absolute path) (required)
Show the help message.
system visorfs tardisk list List the tardisks used by the host.
Show the help message.
system wbem get Display WBEM Agent configuration.
Show the help message.
system wbem set This command allows the user to set up ESX CIMOM agent.
--auth | -a
Specify how to authorize incoming requests. Values are password, certificate, password is by default. Changes take effect when --enable is specified.
--enable | -e
Start or stop the WBEM services (sfcbd, openwsmand). Values: [yes|no, true|false, 0|1].
--enable-https | -H
Enable or disable https connection to sfcbd. Values: [yes|no, true|false, 0|1].
--http-max-content-length | -M
Maximum allowed length in bytes of http requests. Default is 1048576.
Maximum number of simultaneous HTTP client connections before blocking new incoming HTTP requests. Default is 2.
Maximum number of simultaneous HTTPS client connections before blocking new incoming HTTPS requests. Default is 4.
--keepalive-max-request | -k
Specify the maximum number of consecutive requests on one connection. Setting it to 0 will effectively disable HTTP keep-alive. Default is 10.
--keepalive-timeout | -K
Specify the maximum time in seconds an sfcb HTTP process will wait between two requests on one connection before terminating. Setting it to 0 will disable HTTP keep-alive. Default is 1.
--loglevel | -l
Syslog logging level: debug|info|warning|error.
--max-msg-len | -m
Maximum allowed length in bytes of wbem messages. Default is 40000000.
--port | -p
Set the TCP port on which the CIMOM listens for requests. The default is 5989.
--protocols | -P
Enable or disable SSL protocols. To reset to factory defaults specify 'reset' which allows only TLS 1.2 unless system defaults have been changed.Values can be one of: [tlsv1, tlsv1.1, reset] and setting protocols here overrules system defaults. Multiple protocols can be provided using format -P protocol1 -P protocol2. Command takes effect immediately.
--provider-sample-interval | -i
The interval in seconds at which the provider manager is checking for idle providers. Default is 30.
--provider-timeout-interval | -I
The interval in seconds before an idle provider gets unloaded by the provider manager. Default is 120.
Maximum number of simultaneous provider processes. After this point if a new incoming request requires loading a new provider, then one of the existing providers will first be automatically unloaded. Default is 16.
--readonly | -R
Set readonly mode. Default is false.
--reset | -r
Restore the WBEM configuration to factory defaults.
--rp-override | -o
This overrides the configured resource pool size of a provider.
--shutdown-interval | -s
This param is no longer configurable from the CLI and can only be configured by providers.
--ssl-cipher-list | -S
The cipher list consists of one or more cipher strings separated by ':'. Default is ECDHE+AESGCM:ECDHE+AES.
--thread-pool-size | -t
Number of threads in the sfcb thread pool. Default is 5.
--thread-stack-size | -T
Minimum stack size allocated to sfcb threads. Default is 1048576.
--ws-man | -W
Enable or disable the WS-Management service (openwsmand). Enabled by default. Changes take effect when --enable is specified.
Show the help message.
system wbem provider list Display WBEM provider configuration.
Show the help message.
system wbem provider set This command is used to manage ESX CIMOM providers.
--enable | -e
Enable or disable the provider immediately. Values: [yes|no, true|false, 0|1]
--name | -n
Specify provider identifier. (required)
Show the help message.
system welcomemsg get Get the Welcome Message for DCUI.
Show the help message.
system welcomemsg set Set the welcome message string.
--message | -m
The welcome message in the initial screen of the Direct Console User Interface (DCUI) and Host Client. (required)
Show the help message.