As you all aware that, VMware vCenter Log Insight is a Virtual appliance from VMware that allows administrators to view, analyze and manage the syslog data. It allows the administrators to consolidate, monitor and analyze the logs to troubleshoot the vSphere efficiently and also it helps to perform security auditing and compliance management. vCenter Log Insight appliance is multipurpose appliance that includes syslog server, log consolidation and log analysis. vCenter Log Insight delivers automated log management through aggregation, analyze and search, providing operational intelligence and enterprise-wide visibility in dynamic hybrid cloud environments. It reads ,collects and analyze all types of machine generated log data such as application logs, configuration files, performance data and messages. You can connect almost operating systems, storage,firewalls, networks devices such as routers and switches to VMware vCenter Log Insight.This post is going to explain you with the procedure to configure to send vCenter appliance logs to the vCenter Log Insight server. So that you will have the log files of your vCenter Server appliance also included in the Log Insight server and it will ready for the intelligent analysis incase of troubleshooting.
vCenter appliance logs to vCenter Log Insight
Log in to your vCenter Server Appliance(vCSA) server with your root credentials using SSH connection such as Putty. Browse towards the directory, /etc/syslog-ng using the below command
cd /etc/syslog-ng
Edit the syslog-ng.log using the editor such as Vi editor. Enter the below command to edit the syslog file
vi syslog-ng.conf
Add the following text at the end of the file “Syslog-ng.conf”. Using the below config, we are sending the following vCenter appliance logss (vpxd.log, vpxd-alert.log, vws.log, vmware-vpxd.log, ds.log) from your vCenter server appliance to your vCenter Log Insight server. You can add or remove the log files by your choice.
source vpxd {
file(“/var/log/vmware/vpx/vpxd.log” follow_freq(1) flags(no-parse));
file(“/var/log/vmware/vpx/vpxd-alert.log” follow_freq(1) flags(no-parse));
file(“/var/log/vmware/vpx/vws.log” follow_freq(1) flags(no-parse));
file(“/var/log/vmware/vpx/vmware-vpxd.log” follow_freq(1) flags(no-parse));
file(“/var/log/vmware/vpx/inventoryservice/ds.log” follow_freq(1) flags(no-parse));
};
destination loginsight { udp(“<loginsight-host>”); };
log { source(vpxd); destination(loginsight); };
Enter the Log Insight host name in the place of “<loginsight-host>” in the above text. Even you can specify the protocol TCP in the place of UDP. Once the above lines are added in the config file. Save the file and exit using the below command by pressing Esc key and enter :wq! to save and exit the config file.
Restart the Syslog server for the configuration to apply. Restart using the below command
Service syslog restart
That’s it. Your vCenter Log Insight server will start receiving the log files from your vCenter Server Appliance(vCSA). I hope this is informative for you. Thanks for reading!!!.
Other VMware vCenter Log Insight related posts :
VMware vCenter Log Insight Part 1 – Initial Configuration
VMware vCenter Log Insight Part 2 – vSphere Integration with Log Insight
VMware vCenter Log Insight Part 3 – Send your vCenter appliance logs to Log Insight Server