The files that contain system messages are located on the Log Insight virtual appliance.

File

Description

/storage/var/loginsight/runtime.log

Used to track all run time information related to Log Insight

/storage/var/loginsight/pi.log

Used to track database start or stop events

/storage/var/loginsight/usage.log

Used to track all queries

/storage/var/loginsight/ui.log

Used to track events related to the Log Insight user interface

/storage/var/loginsight/watchdog_log*

Used to track the run time events of the watch dog process, which is responsible for restarting Log Insight if it is shutdown for some reason

/storage/var/loginsight/vcenter_operations.log

Used to track events related to the vCenter Operations Manager integration

/storage/var/loginsight/loginsight_daemon_stdout.log

Used for the standard output of Log Insight daemon

/storage/var/loginsight/upgrade.log

Used to track events that occur during Log Insight upgrade

/storage/var/loginsight/apache-tomcat/logs/*.log

Used to track events from Apache Tomcat server

/storage/var/loginsight/plugins/vsphere/li-vsphere.log

Used to trace events related to integration with vSphere

/storage/var/loginsight/pgsql.log

Used to track the events of the Postgres server

/var/log/firstboot/stratavm.log

Used to track the events that occur at first boot and configuration of the Log Insight virtual appliance

/storage/var/loginsight/phonehome.log

Used to track information about trace data collection sent to VMware (if enabled).

/storage/var/loginsight/alert.log

Used to track information about user defined alerts that have been triggered.

/storage/var/loginsight/systemalert.log

Used to track information about system alerts that Log Insight sends. Each alert is listed as a JSON entry.

/storage/var/loginsight/systemalert_worker.log

Used to track information about system alerts that a Log Insight worker node sends. Each alert is listed as a JSON entry.

The runtime.log file contains user audit log messages in the following format.

[2013-05-17 20:40:18.716+0000] [http-443-5 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged in: Name: admin | Role: admin]

[2013-05-17 20:39:51.395+0000] [http-443-5 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged out: Name: admin | Role: admin]

[2013-09-18 12:39:34.823-0700] [http-9443-3 WARN /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][Bad username/password attempt (username: myusername)]

[2013-09-18 12:40:08.761-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged in: Active Directory User: SAM=myusername, Domain=vmware.com,UPN=myusername@vmware.com]

[ 2013-09-18 12:40:20.232-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged out: Active Directory User: SAM=myusername, Domain=vmware.com,UPN=myusername@vmware.com]

[2013-09-18 12:40:36.933-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged in: Local User: Name=myusername, Role=user]

[2013-09-18 12:40:40.429-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged out: Local User: Name=myusername, Role=user

[2013-11-13 23:26:21.569+0000] [http-443-4 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new user: Active Directory User: SAM=username, Domain=vmware.com, UPN=username@vmware.com]

[2013-11-14 22:44:11.017+0000] [http-443-6 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new user: Local User: Name=username, Role=admin]

[2013-12-05 21:03:36.751+0000] [http-443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Removed users: [Active Directory User: SAM=username, Domain=vmware.com, UPN=username@vmware.com]]

[2013-12-05 21:04:16.707+0000] [http-443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Removed users: [Local User: Name=username, Role=admin]]

[http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new group: (domain=vmware.com, group=VMware Employees, role=user)]

[2013-12-05 13:07:04.108-0800] [http-9443-2 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Removed groups: [(domain=vmware.com, group=VMware Employees, role=user)]]