Assign global permissions in Region A to the operations service account svc-loginsight in order to collect log information from the vCenter Server instances and ESXi hosts with vRealize Log Insight. The svc-loginsight user account is specifically dedicated to collecting log information from vCenter Server and ESXi. 

1. Log in to vCenter Server by using the vSphere Web Client.

   a. Open a Web browser and go to https://mgmt01vc01.sfo01.rainpole.local/vsphere-client.

   b. Log in using the following credentials.

      Setting      Value
      User name    administrator@vsphere.local
      Password     vsphere_admin_password

2. From the Home menu, select Administration.

3. Under Access Control, click Roles.

4. Create a role for vRealize Log Insight.

   a. Select Read-only and click the Clone icon.

      You clone the Read-only role because it includes the System.Anonymous, System.View, and System.Read privileges. vRealize Log Insight requires those privileges for accessing log information related to the vCenter Server instances.

   b. In the Clone Role Read-only dialog box, complete the configuration of the role and click OK.

      Setting      Description
      Role name    Log Insight User
      Privilege    Host.Configuration.Advanced settings
                   Host.Configuration.Change settings
                   Host.Configuration.Network configuration
                   Host.Configuration.Security profile and firewall

      The following privileges are inherited from the Read-only role.

      System.Anonymous
      System.View
      System.Read

      These host privileges allow vRealize Log Insight to configure the syslog service on the ESXi hosts.

   The Log Insight User role is propagated to other linked vCenter Server instances.

5. Assign global permissions to the svc-loginsight@rainpole.local service account.

   a. In the vSphere Web Client, select Administration from the Home menu and click Global Permissions under Access Control.

   b. On the Manage tab, click Add Permission.

   c. In the Global Permissions Root - Add Permission dialog box, click Add to associate a user or a group with a role.

   d. In the Select Users/Groups dialog box, from the Domain drop-down menu, select rainpole.local, in the filter box type svc, and press Enter.

   e. From the list of users and groups, select the svc-loginsight user, click Add, and click OK.

   f. In the Add Permission dialog box, from the Assigned Role drop-down menu, select Log Insight User, select Propagate to children, and click OK.

   The global permissions of the svc-loginsight@rainpole.local user propagate to all vCenter Server instances.
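
After completing the procedure, the role and the grant can be checked for drift. The following is an added example, not part of the original procedure or of any VMware tooling: it audits a constructed export of roles and global permissions against the Log Insight User role defined above. The export layout (the dictionary keys), the function name and the sample data are assumptions; the privilege names are the ones listed in step 4.

```python
# Added example: least-privilege audit of the role and grant from this procedure.
# The export layout below is hypothetical; privilege names are taken from step 4.

EXPECTED_ROLE = "Log Insight User"
PRINCIPAL = "svc-loginsight@rainpole.local"
EXPECTED_PRIVILEGES = frozenset({
    "System.Anonymous", "System.View", "System.Read",  # inherited from Read-only
    "Host.Configuration.Advanced settings",
    "Host.Configuration.Change settings",
    "Host.Configuration.Network configuration",
    "Host.Configuration.Security profile and firewall",
})

def audit(export):
    """Return a sorted list of findings; an empty list means the export matches."""
    findings = []
    role = export["roles"].get(EXPECTED_ROLE)
    if role is None:
        findings.append(f"role missing: {EXPECTED_ROLE}")
    else:
        actual = set(role)
        findings += [f"privilege missing: {p}" for p in EXPECTED_PRIVILEGES - actual]
        findings += [f"privilege excess: {p}" for p in actual - EXPECTED_PRIVILEGES]
    # Match the principal case-insensitively so a differently cased grant is not missed.
    grants = [g for g in export["global_permissions"]
              if g["principal"].lower() == PRINCIPAL]
    if not any(g["role"] == EXPECTED_ROLE for g in grants):
        findings.append(f"no global permission binds {PRINCIPAL} to {EXPECTED_ROLE}")
    for g in grants:
        if g["role"] != EXPECTED_ROLE:
            findings.append(f"unexpected role for {PRINCIPAL}: {g['role']}")
        elif not g["propagate"]:
            findings.append("Propagate to children is not set")
    return sorted(findings)

# Constructed sample: one extra privilege has crept into the role, and the
# service account also holds a second, broader global permission.
SAMPLE_EXPORT = {
    "roles": {EXPECTED_ROLE: sorted(EXPECTED_PRIVILEGES) + ["Host.Inventory.Remove host"]},
    "global_permissions": [
        {"principal": "svc-loginsight@rainpole.local", "role": "Log Insight User", "propagate": True},
        {"principal": "SVC-LogInsight@rainpole.local", "role": "Administrator", "propagate": True},
    ],
}

if __name__ == "__main__":
    for line in audit(SAMPLE_EXPORT):
        print(line)
```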