Hello everyone,
I have a predicament. We had a non-authorised password change in our esxi 5.1 server a while back. Without going into too much detail, the guy who did it had bad intentions and we weren't likely to get the new password from him. So I did the only thing I could do - installed esxi again and set a new password, reassociated the VM's and off it went. However, now I'd like to examine the log files from the old installation to see if we can muster some sort of evidence.
I made sure to choose "keep old data". Can't remember what it said in detail now, but I got the impression I could keep my old install intact, however now I don't know where to look. Any pointers?
I would suggest to recover the root password using the Ubuntu live CD install
Follow this KB you will get your password back.
How to recover VMware ESXi root password ? - UnixArena
I think you missed the point. The password is not the problem anymore, I reinstalled esxi and set a new one. The server is now up and running with the new install, and all is well.
What I need is to access the previous esxi install. It's files should remain somewhere, but I don't know where.