After you install the content pack for vRealize Operations Manager, configure the Log Insight agent on vRealize Operations Manager to send audit logs and system events to vRealize Log Insight in Region A. 

1

On your computer, create a liagent.ini file for each of the 5 nodes of vRealize Operations Manager. 

You can place each file in a node-specific folder.

a

Create an empty liagent.ini file and paste the following template configuration. 

; Client-side configuration of VMware Log Insight Agent
; See liagent-effective.ini for the actual configuration used by VMware Log Insight Agent
 
[server]
; Log Insight server hostname or ip address
; If omitted the default value is LOGINSIGHT
hostname=<YOUR LOGINSIGHT HOSTNAME HERE>
 
; Set protocol to use:
; cfapi - Log Insight REST API
; syslog - Syslog protocol
; If omitted the default value is cfapi
;
;proto=cfapi
 
; Log Insight server port to connect to. If omitted the default value is:
; for syslog: 512
; for cfapi without ssl: 9000
; for cfapi with ssl: 9543
;port=9000
 
;ssl - enable/disable SSL. Applies to cfapi protocol only.
; Possible values are yes or no. If omitted the default value is no.
;ssl=no
 
; Time in minutes to force reconnection to the server
; If omitted the default value is 30
;reconnect=30
 
[storage]
;max_disk_buffer - max disk usage limit (data + logs) in MB:
; 100 - 2000 MB, default 200
;max_disk_buffer=200
 
[logging]
;debug_level - the level of debug messages to enable:
; 0 - no debug messages
; 1 - trace essential debug messages
; 2 - verbose debug messages (will have negative impact on performance)
;debug_level=0
 
[filelog|messages]
directory=/var/log
include=messages;messages.?
 
[filelog|syslog]
directory=/var/log
include=syslog;syslog.?
 
[filelog|ANALYTICS-analytics]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"ANALYTICS","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log
include = analytics*.log*
exclude_fields=hostname
 
[filelog|COLLECTOR-collector]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"COLLECTOR","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log
include = collector.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
 
[filelog|COLLECTOR-collector_wrapper]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"COLLECTOR","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log
include = collector-wrapper.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\.\d{3}
 
[filelog|COLLECTOR-collector_gc]
directory = /data/vcops/log
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"COLLECTOR","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
include = collector-gc*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\w]\d{2}:\d{2}:\d{2}\.\d{3}
 
[filelog|WEB-web]
directory = /data/vcops/log
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"WEB","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
include = web*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
 
[filelog|GEMFIRE-gemfire]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"GEMFIRE","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log
include = gemfire*.log*
exclude_fields=hostname
 
[filelog|VIEW_BRIDGE-view_bridge]
tags = {"vmw_vr_ops_appname":"vROps","vmw_vr_ops_logtype":"VIEW_BRIDGE","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log
include = view-bridge*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
 
[filelog|VCOPS_BRIDGE-vcops_bridge]
tags = {"vmw_vr_ops_appname":"vROps","vmw_vr_ops_logtype":"VCOPS_BRIDGE","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log
include = vcops-bridge*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
 
[filelog|SUITEAPI-api]
directory = /data/vcops/log
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"SUITEAPI","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
include = api.log*;http_api.log*;profiling_api.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
 
[filelog|SUITEAPI-suite_api]
directory = /data/vcops/log/suite-api
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"SUITEAPI","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
include = *.log*
exclude_fields=hostname
event_marker=^\d{2}-\w{3}-\d{4}[\s]\d{2}:\d{2}:\d{2}\.\d{3}
 
[filelog|ADMIN_UI-admin_ui]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"ADMIN_UI","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log/casa
include = *.log*;*_log*
exclude_fields=hostname
 
[filelog|CALL_STACK-call_stack]
tags = {"vmw_vr_ops_appname":"vROps","vmw_vr_ops_logtype":"CALL_STACK", "vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>","vmw_vr_ops_clusterrole":"Master", "vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>","vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log/callstack
include = analytics*.txt;collector*.txt
exclude_fields=hostname
 
[filelog|TOMCAT_WEBAPP-tomcat_webapp]
tags = {"vmw_vr_ops_appname":"vROps","vmw_vr_ops_logtype":"TOMCAT_WEBAPP","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log/product-ui
include = *.log*;*_log*
exclude_fields=hostname
 
[filelog|OTHER-other1]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"OTHER","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log
include = aim*.log*;calltracer*.log*;casa.audit*.log*;distributed*.log*;hafailover*.log;his*.log*;installer*.log*;locktrace*.log*;opsapi*.log*;query-service-timer*.log*;queryprofile*.log*;vcopsConfigureRoles*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
 
[filelog|OTHER-other2]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"OTHER", "vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master", "vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log
include = env-checker.log*
exclude_fields=hostname
event_marker=^\d{2}\D{1}\d{2}\D{1}\d{4}\s\d{2}:\d{2}:\d{2}
 
[filelog|OTHER-other3]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"OTHER", "vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master", "vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log
include = gfsh*.log*;HTTPPostAdapter*.log*;meta-gemfire*.log*;migration*.log*
exclude_fields=hostname
 
[filelog|OTHER-watchdog]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"OTHER", "vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master", "vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log/vcops-watchdog
include = vcops-watchdog.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
 
[filelog|ADAPTER-vmwareadapter]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"ADAPTER", "vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master", "vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log/adapters/VMwareAdapter
include = *.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
 
[filelog|ADAPTER-vcopsadapter]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"ADAPTER", "vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master", "vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log/adapters/VCOpsAdapter
include = *.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
 
[filelog|ADAPTER-openapiadapter]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"ADAPTER", "vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master", "vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log/adapters/OpenAPIAdapter
include = *.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
b

In the node-specific liagent.ini file, change the following parameters and save the file.

| Parameter | Description | Location in liagent.ini | Configuration Instructions |
| --- | --- | --- | --- |
| hostname | IP address or FQDN of the Log Insight VIP | [server] section | Replace <YOUR LOGINSIGHT HOSTNAME HERE> with vrli-cluster-01.sfo01.rainpole.local. |
| proto | Protocol that the agent uses to send events to the Log Insight server. | [server] section | Remove the ; comment in front of the parameter to set the log protocol to cfapi. |
| port | Communication port that the agent uses to send events to the vRealize Log Insight server. | [server] section | Remove the ; comment in front of the parameter to set the port to 9000. |
| vmw_vr_ops_clustername | Name of the vRealize Operations Manager cluster | each [filelog\|section_name] section | Replace each <YOUR CLUSTER NAME HERE> with vrops-cluster-01. |
| vmw_vr_ops_clusterrole | Role of the vRealize Operations Manager node | each [filelog\|section_name] section | Set to Master, Replica, Data or Remote Collector. |
| vmw_vr_ops_hostname | IP address or FQDN of the vRealize Operations Manager node | each [filelog\|section_name] section | Replace each <YOUR VROPS HOSTNAME HERE> with the following FQDN: |
| | | | vrops-mstrn-01.rainpole.local for the master node |
| | | | vrops-repln-02.rainpole.local for the replica node |
| | | | vrops-datan-03.rainpole.local for data node 1 |
| | | | vrops-rmtcol-01.sfo01.rainpole.local for remote collector 1 |
| | | | vrops-rmtcol-02.sfo01.rainpole.local for remote collector 2 |
| vmw_vr_ops_nodename | Name of the vRealize Operations Manager node that is set during node initial configuration | each [filelog\|section_name] section | Replace each <YOUR NODE NAME HERE> with the following name: |
| | | | vrops-mstrn-01 for the master node |
| | | | vrops-repln-02 for the replica node |
| | | | vrops-datan-03 for data node 1 |
| | | | vrops-rmtcol-01 for remote collector 1 |
| | | | vrops-rmtcol-02 for remote collector 2 |

You change the [server] section as follows.

[server]
; Log Insight server hostname or ip address
; If omitted the default value is LOGINSIGHT
hostname=vrli-cluster-01.sfo01.rainpole.local
; Set protocol to use:
; cfapi - Log Insight REST API
; syslog - Syslog protocol
; If omitted the default value is cfapi
;
proto=cfapi
; Log Insight server port to connect to. If omitted the default value is:
; for syslog: 512
; for cfapi without ssl: 9000
; for cfapi with ssl: 9543
port=9000
;ssl - enable/disable SSL. Applies to cfapi protocol only.
; Possible values are yes or no. If omitted the default value is no.
;ssl=no
; Time in minutes to force reconnection to the server
; If omitted the default value is 30
;reconnect=30

For example, on the master replica node you change the [filelog|ANALYTICS-analytics] section, which covers the log files of the analytics module, as follows.

[filelog|ANALYTICS-analytics]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"ANALYTICS","vmw_vr_ops_clustername":"vrops-cluster-01", "vmw_vr_ops_clusterrole":"Replica","vmw_vr_ops_nodename":"vrops-repln-02", "vmw_vr_ops_hostname":"vrops-repln-02.rainpole.local"}
directory = /data/vcops/log
include = analytics*.log*
exclude_fields=hostname
2

Enable SSH on each node of vRealize Operations Manager.

a

Open a Web browser and go to https://mgmt01vc01.sfo01.rainpole.local/vsphere-client.

b

Log in using the following credentials.

| Setting | Value |
| --- | --- |
| User name | administrator@vsphere.local |
| Password | vsphere_admin_password |

c

Under the mgmt01vc01.sfo01.rainpole.local vCenter Server, navigate to the virtual appliance for the node.

| Virtual Appliance Name | Role |
| --- | --- |
| vrops-mstrn-01 | Master node |
| vrops-repln-02 | Master replica node |
| vrops-datan-03 | Data node 1 |
| vrops-rmtcol-01 | Remote collector 1 |
| vrops-rmtcol-02 | Remote collector 2 |

d

Right-click the appliance node and select Open Console to open the remote console to the appliance.

e

Press ALT+F1 to switch to the command prompt.

f

Log in using the following credentials.

| Setting | Value |
| --- | --- |
| User name | root |
| Password | vrops_root_password |

g

Start the SSH service by running the command:

service sshd start
h

Close the virtual appliance console.

3

Apply the Log Insight agent configuration.

a

On the appliance, replace the liagent.ini file in the /var/lib/loginsight-agent folder with the node-specific file on your computer.

You can use scp, FileZilla or WinSCP.  

b

Restart the Log Insight agent on the node by running the following console command as the root user.

/etc/init.d/liagentd restart
c

Stop the SSH service on the virtual appliance by running the following command. 

service sshd stop

4

Repeat the steps for each of the remaining vRealize Operations Manager nodes.

5

Configure the Linux Agent Group for the vRealize Operations Manager components from the vRealize Log Insight Web user interface.

a

Open a Web browser and go to https://vrli-cluster-01.sfo01.rainpole.local.

b

Log in using the following credentials.

| Setting | Value |
| --- | --- |
| User name | admin |
| Password | vrli_admin_password |

c

Click the configuration drop-down menu icon and select Administration.

d

Under Management, click Agents.

e

From the drop-down menu at the top, select vRops 6.x - Sample from the Available Templates section and click Copy Template.

f

In the Copy Agent Group dialog box, enter vRops6 - Agent Group in the name text box and click Copy.

g

In the agent filter fields, enter the following values, pressing Enter after each host name.

| Filter | Operator | Values |
| --- | --- | --- |
| Hostname | matches | vrops-mstrn-01.rainpole.local |
| | | vrops-repln-02.rainpole.local |
| | | vrops-datan-03.rainpole.local |
| | | vrops-rmtcol-01.sfo01.rainpole.local |
| | | vrops-rmtcol-02.sfo01.rainpole.local |

h

Click Refresh and verify that all the agents in the filter appear in the Agents list.

i

Click Save New Group at the bottom of the page.

j

Click the Dashboard tab and select the VMware - vRops 6.x dashboard from the drop-down menu on the left.

All VMware - vRops 6 dashboards become available on the vRealize Log Insight Home page.
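
For step 1, the five node-specific files can be generated from the template instead of edited by hand, with a check that no placeholder is left behind. The Python script below is an added example, not part of VMware's procedure; it assumes the template from step 1a is saved to a file, and the names render, write_all, NODES and SAMPLE are illustrative.

```python
import re
from pathlib import Path

# (node name, FQDN, cluster role) for the five nodes, taken from the table in step 1b.
NODES = [
    ("vrops-mstrn-01", "vrops-mstrn-01.rainpole.local", "Master"),
    ("vrops-repln-02", "vrops-repln-02.rainpole.local", "Replica"),
    ("vrops-datan-03", "vrops-datan-03.rainpole.local", "Data"),
    ("vrops-rmtcol-01", "vrops-rmtcol-01.sfo01.rainpole.local", "Remote Collector"),
    ("vrops-rmtcol-02", "vrops-rmtcol-02.sfo01.rainpole.local", "Remote Collector"),
]

# Constructed two-section excerpt of the template, used only for a quick self-check.
SAMPLE = """[server]
hostname=<YOUR LOGINSIGHT HOSTNAME HERE>
;proto=cfapi
;port=9000
[filelog|ANALYTICS-analytics]
tags = {"vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
"""

def render(text, name, fqdn, role):
    """Return the liagent.ini text for one node; fail if a placeholder survives."""
    fills = {
        "<YOUR LOGINSIGHT HOSTNAME HERE>": "vrli-cluster-01.sfo01.rainpole.local",
        "<YOUR CLUSTER NAME HERE>": "vrops-cluster-01",
        "<YOUR NODE NAME HERE>": name,
        "<YOUR VROPS HOSTNAME HERE>": fqdn,
    }
    for placeholder, value in fills.items():
        text = text.replace(placeholder, value)
    # Every [filelog|...] tags line carries the role; the template ships with "Master".
    text = re.sub(r'("vmw_vr_ops_clusterrole"\s*:\s*)"Master"', rf'\1"{role}"', text)
    # Uncomment proto and port in [server], as the table in step 1b instructs.
    text = re.sub(r"(?m)^;(proto=cfapi|port=9000)[ \t]*$", r"\1", text)
    leftover = sorted(set(re.findall(r"<YOUR [^>]*>", text)))
    if leftover:
        raise ValueError(f"{name}: unreplaced placeholders {leftover}")
    return text

def write_all(template_path, out_dir):
    """Write <out_dir>/<node name>/liagent.ini for every node; return the paths."""
    template = Path(template_path).read_text()
    paths = [Path(out_dir, name, "liagent.ini") for name, _, _ in NODES]
    for path, (name, fqdn, role) in zip(paths, NODES):
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(render(template, name, fqdn, role))
    return paths
```

The generated files keep the page's port=9000 setting, which the template comments identify as cfapi without SSL; the same comments list 9543 as the cfapi port with SSL.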