You can configure parsers for both FileLog and WinLog collectors.
Prerequisites
For the
VMware Aria Operations for Logs Linux Agent:
- Log in as root or use sudo to run console commands.
- Log in to the Linux machine on which you installed the VMware Aria Operations for Logs Linux Agent, open a console and run pgrep liagent to verify that the Linux Agent is installed and running.
For the
VMware Aria Operations for Logs Windows Agent:
- Log in to the Windows machine on which you installed the VMware Aria Operations for Logs Windows Agent and start the Services manager to verify that the VMware Aria Operations for Logst service is installed.
Procedure
- Navigate to the folder containing the liagent.ini file.
| Operating System |
Path |
| Linux |
/var/lib/loginsight-agent/ |
| Windows |
%ProgramData%\VMware\Log Insight Agent |
- Open the liagent.ini file in any text editor.
- To configure a specific parser, define a parser section. [parser|myparser]
Where myparser is an arbitrary name of the parser which can be referred from log sources. Parser section should refer to any built in (or any other defined) parser and configure that parser’s mandatory options and non-required options if needed.
For example,
base_parser=csv shows that
myparser parser is derived from built-in parser
csv. It expects that input logs consist of two fields which are separated with a semicolon.
[parser|myparser]
base_parser=csv
fields=field_name1,field_name2
delimiter=“;”
- After defining myparser, refer to it from log sources winlog or filelog.
[filelog|some_csv_logs]
directory=D:\Logs
include=*.txt;*.txt.*
parser=myparser
The logs collected from
some_csv_logs sources, for example from the
D:\Logs directory, are parsed by
myparser and extracted events appear on the server as
field_name1 and
field_name2 respectively.
Note: The static logs in the
D:\Logs directory are not get pulled into
VMware Aria Operations for Logs by the agent. However, new files that are created in the
D:\Logs directory are available in
VMware Aria Operations for Logs.
- Save and close the liagent.ini file.
