Information
The ESXi host must store one week of audit records. If a remote audit record storage facility is available, it is essential to ensure that the local storage capacity is sufficient to hold audit records that may accumulate during anticipated interruptions in the delivery of records to the facility. This ensures that audit records are not lost or overwritten during periods when the remote storage is unavailable, allowing for seamless continuity of the audit trail and compliance requirements.
Solution
Get-VMHost -Name $ESXi | Get-AdvancedSetting Syslog.global.auditRecord.storageCapacity | Set-AdvancedSetting -Value 100