Archive for vRealize Log Insight

Installing the Linux Log Insight agent on the vCenter Orchestrator appliance

November 21, 2016 vCO Monitoring No comments

vRARobot2

Installing the Linux Log Insight agent on vCenter Orchestrator

The Log Insight agent now gets pre-installed on some of the vRealize appliances which is very useful which means there is no need to install agents manually.  Some of the VMware products which have the agent pre-installed:

vRealize Business
vRealize Operations Manager (beginning from 6.1)
vRealize Orchestrator (beginning from 7.0.1)
vRealize Automation (beginning from 7.0.1)
vRealize Log Insight

However this version of Orchestrator is 6.0.3 due to work testing so we need to install the agent manually.

vCO Details

  • Name = techlabvco001.techlab.local
  • IP Address = 192.168.1.123/24
  • SSH enabled
  • vCO Config Page = https://192.168.1.123:8283
  • vCO Getting started page and Orchestrator client download = https://192.168.1.123:8281/vco
  • vCO Appliance login = https://192.168.1.123:5480

Log Insight Details

  • Name = techlabvrl001.techlab.local
  • IP Address = 192.168.1.122/24
  • SSH enabled
  • Log Insight Configuration = https://192.168.1.122

Useful link to Log Insight Documentation Center

http://pubs.vmware.com/log-insight-30/index.jsp#com.vmware.log-insight.agent.admin.doc/GUID-04892000-72C6-4227-BB37-6A2271E03B8C.html

Steps

Note: You may already have Orchestrator installed. If so go from connecting WinScp to the Orchestrator appliance.

  • Download and install the vCenter Orchestrator OVF. In my case this was version 6.0.3 as I was doing some testing for work.
  • Import the OVF into vCenter and follow the wizard to set all the relevant configuration information. Note: You will need to set a root password and a default password for the vmware user account in the wizard in order to access the configuration page
  • Power on the vCO appliance
  • Navigate to the vCO Config Page = https://192.168.1.123:8283 and log in with the account vmware and the password you set during installation
  • In the General Page you can reset the vmware account password if you wish

screen-shot-2016-11-14-at-11-22-37

  • Click on Network and check all the details are correct

screen-shot-2016-11-14-at-11-23-57

  • You will need to put in an authentication source (LDAP, Active Directory etc) This is required as you will need to have authentication sources to log in to the Orchestrator client

screen-shot-2016-11-14-at-11-24-54

screen-shot-2016-11-15-at-09-09-24

  • After configuring an authentication source, you may need to restart the vRO Server and the vRO Configuration Server.

screen-shot-2016-11-14-at-11-26-36

  • Add your license in. Options are below

screen-shot-2016-11-14-at-11-34-05

  • Check all other options and configure as relevant. Basically everything should look green.
  • Next Log into Log Insight

screen-shot-2016-11-14-at-11-38-08

  • Click on the Administration icon (Top right in Log Insight)

screen-shot-2016-11-14-at-11-44-31

  • Click on Agents

screen-shot-2016-11-14-at-13-15-50

  • Click on Download Log Insight Agent Version 3.0.1
  • Choose Linux RPM

screen-shot-2016-11-14-at-13-17-11

  • Using Winscp, log into the vCO appliance

screen-shot-2016-11-14-at-13-21-03

  • We now need to copy the Linux Log Insight agent to a directory on the vCO server
  • Copy the agent to the /tmp folder

screen-shot-2016-11-14-at-13-29-06

  • Putty in to the vCO box
  • Switch to the /tmp folder – cd /tmp
  • To set the target vRealize Log Insight server during installation run the sudo command and replace hostname with the IP address or hostname of the vRealize Log Insight server.
  • sudo SERVERHOST=hostname rpm -i VMware-Log-Insight-Agent-VERSION-BUILD_NUMBER.rpm
  • In my case
  • sudo SERVERHOST=techlabvrl001.techl;ab.local rpm -i VMware-Log-Insight-Agent-3.0.0-2985111.noarch_192.168.1.122.rpm

screen-shot-2016-11-14-at-13-39-25

  • You should see the following

screen-shot-2016-11-14-at-14-03-03

  • Go back into WinSCP and open the file liagent.ini from /etc/liagent.ini
  • Check the LogInsight hostname has been added in and check all other options. We will not be modifying this liagent file as the recommended way to modify these settings is via the Linux Content Pack which needs to be imported into Log Insight and configured from within here. Instructions below in further steps

screen-shot-2016-11-14-at-14-22-57

  • Go back into Log Insight and refresh the page and check the agent has been picked up.

screen-shot-2016-11-14-at-14-24-08

Next we need to install the Linux Content Pack – Linux__v1.0.vlcp currently

  • Go to the Administration icon and click on Content Packs

screen-shot-2016-11-14-at-14-34-25

  • Find the Linux Content Pack

screen-shot-2016-11-14-at-14-36-40

  • When you click on the Content Pack, the below information will come up

screen-shot-2016-11-14-at-14-37-30

  • Click Install and the below message will come up

screen-shot-2016-11-14-at-14-39-31

  • Now that you have installed the content pack you can create groups with specific configurations. Go back to Administration > Agents and create your first group for Linux computers.
  • Select Linux in the pull-down menu and click on the copy template button (2 rectangles). (Note you can’t see the 2 triangles until you hover over the agent)

screen-shot-2016-11-14-at-14-45-06

  • Put a name in for the agent group

screen-shot-2016-11-14-at-14-46-49

  • Adjust the filter to reflect what machine/machines you want to use
  • In this case I have just added a filter for the hostname of my vCO server

screen-shot-2016-11-14-at-14-48-11

  • This adds the following to the Agent Configuration for the agent on your Linux machines.
  • If you want to view the Orchestrator Workflow Information then you need to add another section in the Agent Configuration (

[filelog|vmw-vco-scripting-lo]
directory=/var/log/vmware/vco/app-server
include=scripting.log
parser=syslog_parser

screen-shot-2016-11-14-at-17-07-48

  • Click Save New Group
  • Log into the Orchestrator client and test a Workflow (I used Add an Active Directory Server and Remove an Active Directory Server but you could try anything)

screen-shot-2016-11-15-at-09-17-19

  • You should then see the below Workflow being logged in log Insight if you filter by vCO hostname

screen-shot-2016-11-14-at-17-10-37

  • Voila, you have logging set up for the vCO in Log Insight

Adding queries to Dashboards

  • We were using a Workflow which changed VM vDS Port Groups. Within this Workflow, it is set to output a string to the scripting log called PORTGROUP Change – Update completed successfully
  • We can create a favourite query using this query text contains PORTGROUP Change – Update completed successfully – See highlighted below
  • You can now add this query to a Dashboard. Whilst in the query, you can click on the icon to the right (highlighted in yellow) which means Add current query to dashboard

dashboard

  • Fill in the Dashboard details and then you should be able to view this anytime and adjust the time over which work has taken place

dashboard2

vRealize Log Insight 3.3 and vRealize Operations Manager Integration

May 12, 2016 vRealize Log Insight No comments

Log39

vRealize Log Insight and Operations Manager Integration

VMware vRealize Log Insight delivers heterogeneous and highly scalable log management with intuitive, actionable dashboards, sophisticated analytics and broad third party extensibility, providing deep operational visibility and faster troubleshooting.

Sophisticated and scalable log analytics and log management organizes chaotic log data and gives you meaningful, actionable insights across multiple tiers of a hybrid cloud environments

Useful link

Sizing
Log9
Steps
  • Download the Log Insight appliance from here
  • Import the OVF into vCenter
  • Power on the Log Insight Appliance
  • Connect to the IP address you set as your Log Insight Appliance Address – https://<Log Insight FQDN>
  • Click Next

Log1

  • Click Start New Deployment

Log2

  • Put in Admin Credentials

Log3

  • Put in a License key

Log4

  • Put in an email and check whether you want to join the customer experience program

Log5

  • Set the Time Configuration and test it. You can choose your own NTP server or sync with your ESXi hosts

Log6

  • Set your NTP Configuration

Log7

  • Finish the Configuration

Log8

  • Click Configure vSphere Integration
  • Put in your vCenter Server and username and password and test connection

Log10

  • It will then configure your hosts

Log11

A quick look through the Admin Pages

  • System Monitor

Log12

  • Cluster

Log13

  • Access Control

Log14

  • Hosts

Log15

  • Agents

Log16

  • Event Forwarding

Log17

  • License

Log18

  • vRealize Operations Integration

Log19

When you enable launch in context you will then get another menu option on an object in vROps as seen below

Log36

  • General

Log20

  • Time

Log21

  • Authentication

Log22

  • SMTP

Log23

  • Archiving

Log24

  • SSL

Log25

Next The Default Dashboards Screen

Dashboards are a collection of different charts or queries.

The screen is divided into four parts parts:

  • The menubar, all the way to the top
  • The dashboard selection. It’s the left part of the screen
  • The widget/chart area, which is the bottom part of the screen on the right
  • The filtering area, which is the top part of the screen on the right

Log26

in the top right hand corner, you can click on the drop down by Admin to change your password and e-mail address or if you want to change settings or add management packs to Log Insight (the three bars)

Log27

What can you do with dashboards?

  • You can create your own dashboards with useful metrics that you want to monitor closely.
  • Any query can be turned into a dashboard widget and visualized for any range in time.
  • You can check the performance of your system for the last hour, day, or week.
  • You can view a break down of errors by hour and observe the trends in log events.

You can filter by hostname

Log28

You can open the Interactive Analytics by clicking on the Search icon highlighted in yellow below

Log29

Within the Interactive Analytics page we can click on the highlighted icon Area to choose a type of chart to display

Log30

We can start typing a keyword into the box which will bring up other keywords you could use as well

Log31

Clicking on the gear icon to the left on an error message will bring up even more options allowing you to filter further and colourise events and errors

Log32

You can set the time interval you want to look at

Log33

There are 4 icons next to the time interval

Log34

  • You can add a current query you have built to your Favourites
  • You can add the current query to a dashboard
  • You can create or manage alerts
  • You can export or share a current query

There are another 4 tabs above the events where you can also see different information

Log35

  • Events

This lists all the events seen under the current query or default view

  • Field Table

A Field Table that contains events where each field represents a column. A dashboard field table widget contains the latest events for the given query in a table format where each field represents a column.

You can use a field table widget for the following reasons.

To see the latest events for the given query. This can be useful for change management or for security reasons.

To see only the fields you care about for a given query. This can be useful to limit event output
  • Event Types

The event Types tab is located on the Interactive Analytics page, under the search bar. When you click the event Types tab you see a list of similar events that are grouped together.

Machine learning analyzes events and discovers the types of fields that similar log messages contain. For example, the types may be timestamp, string, int, hex and others. The discovered types appear as hyperlinks within the event Types list.

Each type that machine learning discovers represents a new type of field called smart field. The default name of a smart field follows the format smart field – type number [event_type]. You can change the default name of a smart field. After you name a smart field, it appears under the Fields section just like other fields. You can rename or delete a smart field but you cannot modify its definition.

Machine learning introduces a new static field called event_type. You can use the event_type as a filter to include or exclude certain event types from queries

  • Event Trends

You can analyze log events for trends and anomalies.

Procedure

1

Navigate to the Interactive Analytics tab.
2

Construct and run your query by using the search text box and applying filters.
3

In the Set Time Range From Event dialog box, use the drop-down menus to select the period and direction of the time range.
4

Click the Event Trends tab.

Realize Log Insight compares your query to the same time period immediately before and displays the result

Fields

You can create your own custom fields to search from by doing the following

  • Look at Events and the keywords you may want to reuse in future searches
  • Highlight the word and select Extract to field

Log37

  • Name the field

Log38

  • This can then be reused

vRealize Log Insight Management Pack Configuration – vRealize Operations Management Pack

May 12, 2016 Management Packs, vRealize Log Insight No comments

Log39

vRealize Log Insight Management Pack Configuration – vRealize Operations Management Pack

VMware vRealize Operations Manager content pack is provided to present log data in a more meaningful way and to analyze all the logs redirected from a vRealize Operations Manager instance(s). The content pack contains various dashboards, queries and alerts to provide better diagnostics and troubleshooting capabilities to the vRealize Operations Manager administrator

Description

The content pack for vRealize Configurations Manager can be used to aggregate and analyze the logs from multiple vRealize Operations Manager instances. Operators can then select the particular vRealize Operations cluster or node for further analysis of the current state of the environment.

Highlights
  • Proactive monitoring and alert notifications of the vRealize Operations clusters – Specific alerts focused on important events that indicate problems can be enabled to get the alerts in vR Ops as well as for sending emails to the administrator(s).
  • Cluster-role specific breakdown of vRealize Operations events – The dashboards are grouped based on the cluster role of the vR Ops nodes/slices like Master, Data, Replica and Remote Collector to provide better manageability.
  • Cluster-role specific breakdown of vRealize Operations events – The dashboards are also grouped based on the cluster role of the vR Ops nodes/slices like Master, Data, Replica and Remote Collector to provide better manageability.

What’s New in v 1.6

  • Added vRealize operations Telemetry and vRealize operations cassandra Components in the content pack
  • Added new dashboard & widgets relevant to 6.1+, with backwards compatibility to 6.0.x
  • New Dashboards, alerts and queries

Components

The vRealize Operation Manager content pack comprises of the following components:

  • 12 Dashboard Groups
  • 81 Dashboard Widgets
  • Queries
  • Alerts
  • Extracted Fields

Download Link

The Management Pack can be downloaded here from http://solutionexchange.com

Instructions

  • Once you have downloaded the Management Pack and saved it you will need to look at the documentation here
  • What we need to do next is modify a file called liagent.ini which is located in /var/lib/loginsight-agent on the vROps appliance

The vRealize Log Insight agent enables the integration and manages communication between vRealize Operations Manager and vRealize Log Insight. The liagent.ini file contains configuration properties that control how the vRealize Log Insight agent sends events to vRealize  Log Insight servers, sets the communication protocol and port, and configures flat file log collection.
To identify the source and cluster role, tags need to be updated in the
liagent.ini configuration file. As administrator, configure the following tags for each node role and on each node in the cluster. The applicable values for Cluster roles are the following.

  • Master
  • Replica
  • Data
  • RemoteCollector

Within the file below I have highlighted in blue everything which needs adjusting according to the instructions below

  • vmw_vr_ops_appname: do not update this tag
  • vmw_vr_ops_logtype: do not update this tag
  • vmw_vr_ops_clustername: this tag can be updated
  • vmw_vr_ops_clusterrole: change the tag to either the Master, Replica, Data, or Remote Collector
  • vmw_vr_ops_nodename: this tag can be updated as per below can be picked up from Administration > Cluster Management in the vROps console

LogInsightvROps1

  • vmw_vr_ops_hostname: The IP or FQDN of the vRealize Operations Manager node as per below can be picked up from Administration > Cluster Management in the vROps console

LogInsightvROps

The liagent.ini file

The information below is what is contained in the liagent.ini file

Note you will need to update the [Sever] section only once with the LogInsight Server name

; Client-side configuration of VMware Log Insight Agent
; See liagent-effective.ini for the actual configuration used by VMware Log Insight Agent

[server]
; Log Insight server hostname or ip address
; If omitted the default value is LOGINSIGHT
hostname=techlabvrl001.techlab.local

; Set protocol to use:
; cfapi – Log Insight REST API
; syslog – Syslog protocol
; If omitted the default value is cfapi
;
;proto=cfapi

; Log Insight server port to connect to. If omitted the default value is:
; for syslog: 512
; for cfapi without ssl: 9000
; for cfapi with ssl: 9543
;port=9000

;ssl – enable/disable SSL. Applies to cfapi protocol only.
; Possible values are yes or no. If omitted the default value is no.
;ssl=no

; Time in minutes to force reconnection to the server
; If omitted the default value is 30
;reconnect=30

[storage]
;max_disk_buffer – max disk usage limit (data + logs) in MB:
; 100 – 2000 MB, default 200
;max_disk_buffer=200

[logging]
;debug_level – the level of debug messages to enable:
;   0 – no debug messages
;   1 – trace essential debug messages
;   2 – verbose debug messages (will have negative impact on performace)
;debug_level=0

[filelog|messages]
directory=/var/log
include=messages;messages.?

[filelog|syslog]
directory=/var/log
include=syslog;syslog.?

[filelog|ANALYTICS-analytics]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”ANALYTICS”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = analytics*.log*
exclude_fields=hostname

[filelog|COLLECTOR-collector]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”COLLECTOR”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = collector.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|COLLECTOR-collector_wrapper]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”COLLECTOR”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = collector-wrapper.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\.\d{3}

[filelog|COLLECTOR-collector_gc]
directory = /data/vcops/log
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”COLLECTOR”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
include = collector-gc*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\w]\d{2}:\d{2}:\d{2}\.\d{3}

[filelog|WEB-web]
directory = /data/vcops/log
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”WEB”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
include = web*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|GEMFIRE-gemfire]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”GEMFIRE”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = gemfire*.log*
exclude_fields=hostname

[filelog|VIEW_BRIDGE-view_bridge]
tags = {“vmw_vr_ops_appname”:”vROps”,”vmw_vr_ops_logtype”:”VIEW_BRIDGE”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = view-bridge*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|VCOPS_BRIDGE-vcops_bridge]
tags = {“vmw_vr_ops_appname”:”vROps”,”vmw_vr_ops_logtype”:”VCOPS_BRIDGE”,”vmw_vr_ops_clustername”:”vropscluster” vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = vcops-bridge*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|SUITEAPI-api]
directory = /data/vcops/log
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”SUITEAPI”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
include = api.log*;http_api.log*;profiling_api.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|SUITEAPI-suite_api]
directory = /data/vcops/log/suite-api
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”SUITEAPI”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
include = *.log*
exclude_fields=hostname
event_marker=^\d{2}-\w{3}-\d{4}[\s]\d{2}:\d{2}:\d{2}\.\d{3}

[filelog|ADMIN_UI-admin_ui]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”ADMIN_UI”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/casa
include = *.log*;*_log*
exclude_fields=hostname

[filelog|CALL_STACK-call_stack]
tags = {“vmw_vr_ops_appname”:”vROps”,”vmw_vr_ops_logtype”:”CALL_STACK”, “vmw_vr_ops_clustername”:”vropscluster“,”vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“,”vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/callstack
include = analytics*.txt;collector*.txt
exclude_fields=hostname

[filelog|TOMCAT_WEBAPP-tomcat_webapp]
tags = {“vmw_vr_ops_appname”:”vROps”,”vmw_vr_ops_logtype”:”TOMCAT_WEBAPP”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/product-ui
include = *.log*;*_log*
exclude_fields=hostname

[filelog|OTHER-other1]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”OTHER”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = aim*.log*;calltracer*.log*;casa.audit*.log*;distributed*.log*;hafailover*.log;his*.log*;installer*.log*;locktrace*.log*;opsapi*.log*;query-service-timer*.log*;queryprofile*.log*;vcopsConfigureRoles*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|OTHER-other2]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”OTHER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = env-checker.log*
exclude_fields=hostname
event_marker=^\d{2}\D{1}\d{2}\D{1}\d{4}\s\d{2}:\d{2}:\d{2}

[filelog|OTHER-other3]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”OTHER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = gfsh*.log*;HTTPPostAdapter*.log*;meta-gemfire*.log*;migration*.log*
exclude_fields=hostname

[filelog|OTHER-watchdog]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”OTHER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master”, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/vcops-watchdog
include = vcops-watchdog.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|ADAPTER-vmwareadapter]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”ADAPTER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/adapters/VMwareAdapter
include = *.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|ADAPTER-vcopsadapter]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”ADAPTER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/adapters/VCOpsAdapter
include = *.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|ADAPTER-openapiadapter]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”ADAPTER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/adapters/OpenAPIAdapter
include = *.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

  • Next we need to copy this file into the vROps appliance via WinScp into the /var/lib/loginsight-agent folder. Note: Take a backup of the original liagent.ini file first
  • Next restart the liagentd service in Putty by typing /etc/init.d/liagentd restart
  • Following this we can go to our LogInsight server and check whether we have data coming in
  • Go to Dashboards and click on the dropdown on the left hand side

LogInsightvROps2

  • You should now see data starting to come in

LogInsightvROps3

  • Note: If you had previously configured vRealize Operations 6.0.x to send its logs to Log Insight directly by editing the logger configuration, you should now undo this configuration. Leaving it in place will result in some logs being sent to Log Insight twice, and may even confuse the content pack