standalone esxi5.0.0 logging 'user root@ipaddress logged in' every few seconds?

just noticed this on one of my hosts.  

Any ideas?
LVL 1
CHI-LTDAsked:
Who is Participating?
 
Andrew Hancock (VMware vExpert / EE MVE^2)Connect With a Mentor VMware and Virtualization ConsultantCommented:
RV Tools, vSphere Client, VMware Flings

It's probably best to create yourself, a new "root" account, specific to you, so you can easily track these access requests.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)Connect With a Mentor VMware and Virtualization ConsultantCommented:
lookup the IP Address, in DNS, traceroute, and find out which server it's coming from.

Change your root password if in doubt.

e.g. Veeam, Altiris, other management solutions.
0
 
CHI-LTDAuthor Commented:
sorry, i did, its my machine..
also downed the acronis appliance, no change.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)Connect With a Mentor VMware and Virtualization ConsultantCommented:
So, what do you have running on your machine?

PowerCLI ?
0
 
CHI-LTDAuthor Commented:
ha ha who klnows!  lots of things.
shut it down and its stopped.  will now see whats causing it.
0
 
CHI-LTDAuthor Commented:
solarwinds vm monitor!!
0
 
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
in h future if you want to know what process on your PC is doing this then run netstat -ab and it will show active connections and the filename.   Look for connections to your Esx server IP address.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Look at creating a new user e.g. Service_Solarwinds in ESXi, it makes it more secure, than using the root account to login, and you will then know what the account is!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.