The files that contain system messages are on the VMware Aria Operations for Logs virtual appliance.
The following table lists each file and its purpose.
If you need information on log rotation or log archiving for these files, see Data Archiving and Log Rotation Schemes Supported by VMware Aria Operations for Logs Agents in the Working with VMware Aria Operations for Logs Agents guide.
| File | Description |
|---|---|
| /var/log/vmware/loginsight/alert.log | Used to track information about user-defined alerts that have been triggered. |
| /var/log/vmware/loginsight/apache-tomcat/logs/*.log | Used to track events from the Apache Tomcat server. |
| /var/log/vmware/loginsight/cassandra.log | Used to track cluster configuration storage and replication in Apache Cassandra. |
| /var/log/vmware/loginsight/plugins/vsphere/li-vsphere.log | Used to trace events related to integration with VMware vSphere Web Client. |
| /var/log/vmware/loginsight/loginsight_daemon_stdout.log | Used for the standard output of VMware Aria Operations for Logs daemon. |
| /var/log/vmware/loginsight/phonehome.log | Used to track information about trace data collection sent to VMware (if enabled). |
| /var/log/vmware/loginsight/scheduled_reports.log | Used to track logs related to scheduled reports generation. |
| /var/log/vmware/loginsight/runtime.log | Used to track all run time information related to VMware Aria Operations for Logs. |
| /var/log/firstboot/stratavm.log | Used to track the events that occur at first boot and configuration of the VMware Aria Operations for Logs virtual appliance. |
| /var/log/vmware/loginsight/systemalert.log | Used to track information about system notifications that VMware Aria Operations for Logs sends. Each alert is listed as a JSON entry. |
| /var/log/vmware/loginsight/systemalert_worker.log | Used to track information about system notifications that a VMware Aria Operations for Logs worker node sends. Each alert is listed as a JSON entry. |
| /var/log/vmware/loginsight/ui.log | Used to track events related to the VMware Aria Operations for Logs user interface. |
| /var/log/vmware/loginsight/ui_runtime.log | Used to track runtime events related to the VMware Aria Operations for Logs user interface. |
| /var/log/vmware/loginsight/upgrade.log | Used to track events that occur during a VMware Aria Operations for Logs upgrade. |
| /var/log/vmware/loginsight/usage.log | Used to track all queries. |
| /var/log/vmware/loginsight/vrops_integration.log | Used to track events related to the VMware Aria Operations integration. |
| /var/log/vmware/loginsight/watchdog_log* | Used to track the run time events of the watch dog process, which is responsible for restarting VMware Aria Operations for Logs if it is shut down for some reason. |
| /var/log/vmware/loginsight/api_audit.log | Used to track the API calls to VMware Aria Operations for Logs. |
| /var/log/vmware/loginsight/pattern_matcher.log | Used to track the pattern matching times and timeouts for field extraction. |
| /var/log/vmware/loginsight/audit.log | Used to track how VMware Aria Operations for Logs is used. For more information, see Audit Logs in VMware Aria Operations for Logs. |
Log Messages Related to Security
The ui_runtime.log file contains user audit log messages in the following format.
- [2019-05-10 11:28:29.709+0000] ["https-jsse-nio-443-exec-9"/10.153.234.136 DEBUG] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User login success: vIDM: SAM=myusername, Domain=vmware.com, [email protected]]
- [2019-05-10 11:28:45.812+0000] ["https-jsse-nio-443-exec-3"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User logged out: vIDM: SAM=myusername, Domain=vmware.com, [email protected]]
- [2019-05-10 11:28:29.709+0000] ["https-jsse-nio-443-exec-9"/10.153.234.136 DEBUG] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User login success: Active Directory User: SAM=myusername, Domain=vmware.com,[email protected]]
- [2019-05-10 11:28:45.812+0000] ["https-jsse-nio-443-exec-3"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User logged out: Active Directory User: SAM=myusername, Domain=vmware.com,[email protected]]
- [2019-05-10 11:29:28.330+0000] ["https-jsse-nio-443-exec-6"/10.153.234.136 DEBUG] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User login success: Local User: Name=myusername]
- [2019-05-10 11:29:47.078+0000] ["https-jsse-nio-443-exec-10"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User logged out: Local User: Name=myusername]
- [2019-05-10 11:29:23.559+0000] ["https-jsse-nio-443-exec-7"/10.153.234.136 WARN] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User login failure: Bad username/password attempt (username: incorrectUser)]
- [2019-05-10 11:45:37.795+0000] ["https-jsse-nio-443-exec-7"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new user: Local User: Name=myusername]
- [2019-05-10 11:09:50.493+0000] ["https-jsse-nio-443-exec-6"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new user: vIDM: SAM=myusername, Domain=vmware.com, [email protected]]
- [2019-05-10 11:47:05.202+0000] ["https-jsse-nio-443-exec-10"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new group: (directoryType= VIDM, domain=vmware.com, group=vidm_admin)]
- [2019-05-10 11:58:11.902+0000] ["https-jsse-nio-443-exec-4"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Removed groups: [class com.vmware.loginsight.database.dao.RBACADGroupDO<vidm/vmware.com/vidm_admin>]]
Some logs are available in debug level. For information about enabling the debug level for each node, see Enable Debug Level for User Audit Log Messages.
Tip: If you are an administrator, you can modify the logging level without restarting the
VMware Aria Operations for Logs service. Go to http://
<your_Operations_for_Logs_host>/internal/config, update the value of the logging level for the relevant logs, and click
Save. For example:
<self-logging>
<logger name="root" level="INFO" />
</self-logging>
You can change the logging level to OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
Note: Each node in a
VMware Aria Operations for Logs cluster has its own
ui_runtime.log file. You can examine the log files of the nodes to monitor the cluster.
