If you need to send system logs to other log aggregators, within or outside the host vSphere or host VMC cluster, you can configure a Syslog server or a vRealize Log Insight agent that can collect log files and then forward them to a vRealize Log Insight server or any other third-party Syslog server. As a Provider Administrator, you can configure a Syslog server to collect log files of Provider VM, Agent VM, and provisioned databases.
The provision to store all the logs in a centralised location helps to manage logs and take required actions efficiently. Logs are also useful for audit purposes. You can also filter logs in the Syslog server based on tag details of the log. Tags can include the VM (provider,tenant, or db) and the component. For example, for agent monitoring service logs, you can use the string "tenant-monitoring" as the filter.
Before you configure a Syslog server or a vRealize Log Insight agent for Log Forwarding, ensure the following:
If you configure a Syslog server or a vRealize Log Insight agent for Log Forwarding, note the following:
Perform the following procedure to configure Syslog server settings:
Select Settings from the left navigation pane.
This action displays the Information tab in the Settings view.
Click the Log Forwarding tab in the Settings view, and then click EDIT.
Toggle Log Forwarding from OFF to ON, and then set the following Syslog server properties in the Log Server Setting form.
|Type||Select Syslog from the drop down.|
|IP Address||The IP address of the Syslog server deployment.|
|Port||The port number on which the Syslog server is listening.|
|Protocol||Select TCP or UDP from the drop down.|
After you have configured a Syslog server for Log Forwarding, you can see the Log Forwarding Sources table in the Log Forwarding tab. The table provides information about the Log Forwarding sources, Provider VM, Agent VM, and provisioned databases and helps you to monitor, modify, and manage Log Forwarding for the Syslog server.
|Source Name||Provider Appliance, Agent Appliance, or Database Appliance||Lists the source of Log Forwarding.|
|Configuration Status||OFF or ON||You can toggle OFF or ON to deactivate or enable Log Forwarding from the source. By default, it is set to ON.|
|Last Modification Status||Lists if the configuration of Log Forwarding is a success or failure along with the number of VMs for which the operation failed. It also lists if Log Forwarding is not configured for the source.|
|Last Modified Time||Date and Time||Lists the date and time when the configuration of the source was last modified.|
If a particular source of Log Forwarding is not configured due to connection issues or a powered off VM which is later powered on, you can click RETRY at the top right corner of the Log Forwarding Sources table. If you click RETRY, activating or deactivating log forwarding configuration, as required, is retried for all the log sources.
Configuring the Syslog server always starts from the Provider VM, followed by the Agent VM, and finally the provisioned databases.
If the agent is not onboarded and databases are not provisioned when Syslog server is configured for the Provider VM, the Last Modification Status for the Agent Appliance, or Database Appliance in the Log Forwarding Sources table reads Not Configured even if the Configuration Status is set to ON. After a agent is onboarded or after a new database is provisioned, you can click the refresh icon at the top right corner of the UI to view the change in the Last Modification Status to success or failure, as might be the case.
In case of a High Availability (HA) environment setup, all the Provider nodes are configured for Log Forwarding irrespective of the fact whether HA is configured before or after Log Forwarding.