If you need to send system logs to other log aggregators, within or outside the host vSphere or host VMC cluster, you can configure a Syslog server or a vRealize Log Insight agent that can collect log files and then forward them to a vRealize Log Insight server or any other third-party Syslog server. As a Provider Administrator, you can configure a Syslog server to collect log files of Provider VM, Agent VM, and provisioned databases.

The provision to store all the logs in a centralised location helps to manage logs and take required actions efficiently. Logs are also useful for audit purposes. You can also filter logs in the Syslog server based on tag details of the log. Tags can include the VM (provider,tenant, or db) and the component. For example, for agent monitoring service logs, you can use the string "tenant-monitoring" as the filter.

Prerequisites

Before you configure a Syslog server or a vRealize Log Insight agent for Log Forwarding, ensure the following:

  • The Syslog server deployment is created.
  • The Provider VM, Agent VM, and provisioned databases have connectivity to the Syslog server that you configure.
  • The IP address, port number, and protocol to configure the Syslog server is identified.

Limitations

If you configure a Syslog server or a vRealize Log Insight agent for Log Forwarding, note the following:

  • Only TCP and UDP protocols are supported for accessing the Syslog server from the Provider VM, Agent VM, and provisioned databases
  • You can configure either Elastic Search or a Syslog server, but not both.

Procedure

Perform the following procedure to configure Syslog server settings:

  1. Select Settings from the left navigation pane.

    This action displays the Information tab in the Settings view.

  2. Click the Log Forwarding tab in the Settings view, and then click EDIT.

  3. Toggle Log Forwarding from OFF to ON, and then set the following Syslog server properties in the Log Server Setting form.

    Property Name Value
    Type Select Syslog from the drop down.
    IP Address The IP address of the Syslog server deployment.
    Port The port number on which the Syslog server is listening.
    Protocol Select TCP or UDP from the drop down.

  4. Click SAVE.

Note: After you configure Syslog server, you can click EDIT in the Log Server Settings view of the Log Forwarding tab to change the IP Address, Post, and Protocol of the Syslog server deployment, to deactivate Log Forwarding, or to configure Elastic Search.

Managing Log Forwarding Sources of the Syslog Server

After you have configured a Syslog server for Log Forwarding, you can see the Log Forwarding Sources table in the Log Forwarding tab. The table provides information about the Log Forwarding sources, Provider VM, Agent VM, and provisioned databases and helps you to monitor, modify, and manage Log Forwarding for the Syslog server.

Property Name Value Description
Source Name Provider Appliance, Agent Appliance, or Database Appliance Lists the source of Log Forwarding.
Configuration Status OFF or ON You can toggle OFF or ON to deactivate or enable Log Forwarding from the source. By default, it is set to ON.
Last Modification Status
  • Success. All VMs are up to date.
  • Failed. X out of Y VMs have not been synced. Please Retry.
  • Not Configured
    		•  Lists if the configuration of Log Forwarding is a success or failure along with the number of VMs for which the operation failed. It also lists if Log Forwarding is not configured for the source.
    Last Modified Time Date and Time Lists the date and time when the configuration of the source was last modified.

    If a particular source of Log Forwarding is not configured due to connection issues or a powered off VM which is later powered on, you can click RETRY at the top right corner of the Log Forwarding Sources table. If you click RETRY, activating or deactivating log forwarding configuration, as required, is retried for all the log sources.

    Configuration Flows of Configuring Syslog Server

    Configuring the Syslog server always starts from the Provider VM, followed by the Agent VM, and finally the provisioned databases.

    If the agent is not onboarded and databases are not provisioned when Syslog server is configured for the Provider VM, the Last Modification Status for the Agent Appliance, or Database Appliance in the Log Forwarding Sources table reads Not Configured even if the Configuration Status is set to ON. After a agent is onboarded or after a new database is provisioned, you can click the refresh icon at the top right corner of the UI to view the change in the Last Modification Status to success or failure, as might be the case.

    In case of a High Availability (HA) environment setup, all the Provider nodes are configured for Log Forwarding irrespective of the fact whether HA is configured before or after Log Forwarding.

    check-circle-line exclamation-circle-line close-line
    Scroll to top icon