You can configure the VMware Aria Operations for Logs Windows agent to collect log events from one or more log files.
Field names are restricted. The following names are reserved and cannot be used as field names.
- event_type
- hostname
- source
- text
You can have up to three destinations for agent information and filter the information before it is sent. See Forwarding Logs from a VMware Aria Operations for Logs Agent.
Note:
- Monitoring a large number of files, such as a thousand or more, leads to higher resource utilization by the agent and impacts the overall performance of the host machine. To prevent this, configure the agent to monitor only the necessary files using patterns and globs, or archive the old log files. If monitoring a large number of files is a requirement, consider increasing the host parameters such as CPU and RAM.
- The agent can collect from encrypted directories, but only if it is run by the user who encrypted the directory.
- The agent supports only static directory structures. If the directories have been renamed or added, you must restart the agent to start monitoring these directories, provided the configuration covers the directories.
Prerequisites
Log in to the Windows machine on which you installed the VMware Aria Operations for Logs Windows agent and start the services manager to verify that the VMware Aria Operations for Logs agent service is installed.
Procedure
Example: Configurations
[filelog|vCenterMain]
directory=C:\ProgramData\VMware\VMware VirtualCenter\Logs
include=vpxd-*.log
exclude=vpxd-alert-*.log;vpxd-profiler-*.log
event_marker=^\d{4}-\d{2}-\d{2}[A-Z]\d{2}:\d{2}:\d{2}\.\d{3}

[filelog|ApacheAccessLogs]
enabled=yes
directory=C:\Program Files (x86)\Apache Software Foundation\Apache2.2\logs
include=*.log
exclude=*_old.log
tags={"Provider" : "Apache"}

[filelog|MSSQL]
directory=C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Log
charset=UTF-16LE
event_marker=^[^\s]
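
The following Python lint is an added example, not part of the product documentation or the agent. It checks [filelog|...] sections before deployment: it flags reserved tag names, verifies that event_marker compiles, and previews which files the include/exclude globs would select. It assumes that Python's re and fnmatch approximate the agent's regex and glob matching, that include defaults to * when absent, and that file-name matching is case-insensitive. The BadExample section, the file list, and all function names are constructed for illustration.

```python
import configparser, fnmatch, json, re

RESERVED = {"event_type", "hostname", "source", "text"}  # reserved names listed above

# Constructed sample: the page's vCenterMain section plus a deliberately bad one.
SAMPLE_INI = r"""
[filelog|vCenterMain]
directory=C:\ProgramData\VMware\VMware VirtualCenter\Logs
include=vpxd-*.log
exclude=vpxd-alert-*.log;vpxd-profiler-*.log
event_marker=^\d{4}-\d{2}-\d{2}[A-Z]\d{2}:\d{2}:\d{2}\.\d{3}

[filelog|BadExample]
directory=C:\Logs\app
include=*.log
tags={"hostname" : "web01", "Provider" : "App"}
event_marker=^[\d{4}
"""
SAMPLE_FILES = ["vpxd-1.log", "vpxd-alert-3.log", "vpxd-profiler-2.log", "vpxd.cfg"]

def _globs(value):
    return [g.strip().lower() for g in value.split(";") if g.strip()]

def lint_filelog(ini_text, files=()):
    """Return {section: {"problems": [...], "collected": [...]}} per [filelog|...] section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str                      # keep option names as written
    cp.read_string(ini_text)
    report = {}
    for name in (s for s in cp.sections() if s.startswith("filelog|")):
        sec, problems = cp[name], []
        try:                                  # tags must be a JSON object of field names
            tags = json.loads(sec.get("tags", "{}"))
            if not isinstance(tags, dict):
                raise ValueError("not an object")
            problems += [f"tag name '{k}' is reserved" for k in tags if k.lower() in RESERVED]
        except ValueError as err:
            problems.append(f"tags is not a JSON object: {err}")
        try:                                  # Python's re stands in for the agent's regex engine
            re.compile(sec.get("event_marker", ""))
        except re.error as err:
            problems.append(f"event_marker does not compile: {err}")
        inc, exc = _globs(sec.get("include", "*")), _globs(sec.get("exclude", ""))
        collected = [f for f in files
                     if any(fnmatch.fnmatchcase(f.lower(), g) for g in inc)
                     and not any(fnmatch.fnmatchcase(f.lower(), g) for g in exc)]
        report[name] = {"problems": problems, "collected": collected}
    return report

if __name__ == "__main__":
    for section, result in lint_filelog(SAMPLE_INI, SAMPLE_FILES).items():
        print(section, result)
```

Pass a real directory listing as the files argument to confirm that a narrowed include/exclude pair still covers the logs you need.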