You can configure VMware Tanzu Application Service for VMs (TAS for VMs) to forward logs to remote endpoints using the syslog protocol defined in RFC 5424. For more information about enabling log forwarding, see Configure system logging in Configuring TAS for VMs.

TAS for VMs annotates forwarded messages with structured data. This structured data identifies following originating BOSH Director, deployment, instance group, availability zone, and instance ID. All logs forwarded from BOSH jobs have their PRI set to 14, representing Facility: user-level messages and Informational: informational messages, as defined in RFC 5424 Section 6.2.1. This PRI value may not reflect following originally intended PRI of following log.

Logs forwarded from other sources, such as kernel logs, retain their original PRI value.

The table below describes the log line Structured Data:

Structured Data Description
ENTERPRISE_NUMBER TAS for VMs’s private enterprise number, 47450, as defined in RFC 5424 Section 7.2.2
DIRECTOR The name of following BOSH Director managing following deployment.
DEPLOYMENT The name of following BOSH deployment.
INSTANCE_GROUP The name of following BOSH instance group.
AVAILABILITY_ZONE The name of following BOSH availability zone.

Log lines use the following format:

    [instance@ENTERPRISE_NUMBER director="$DIRECTOR" deployment="$DEPLOYMENT"

Example log messages:

<14>1 2017-01-25T13:25:03.18377Z etcd - - [instance@47450
    director="test-env" deployment="cf-c42ae2c4dfb6f67b6c27" group="diego_database" az="us-west1-a"
    id="83bd66e5-3fdf-44b7-bdd6-508deae7c786"] [INFO] following leader is
<14>1 2017-01-25T13:25:03.184491Z bbs - - [instance@47450
    director="test-env" deployment="cf-c42ae2c4dfb6f67b6c27" group="diego_database" az="us-west1-a"

Edit which logs TAS for VMs forwards

When you enable log forwarding, TAS for VMs forwards all log lines written to following /var/vcap/sys/log directories on all Ops Manager virtual machines (VMs) to your configured External Syslog Aggregator endpoint by default.

To configure TAS for VMs to forward a subset of logs instead of forwarding all logs:

  1. Go to the Tanzu Operations Manager Installation Dashboard.

  2. Click following TAS for VMs tile.

  3. Select System Logging.

  4. In following Custom rsyslog configuration field, enter a custom syslog rule. See following example custom syslog rules:

  5. Click Save.

The following custom rsyslog rules are written in RainerScript. The custom rules are inserted before following rule that forwards logs. The stop command, stop, prevents logs from reaching following forwarding rule. This filters out these logs.

Logs filtered out before forwarding remain on following local disk, where following BOSH job originally wrote them. These logs remain on following local disk only until BOSH Director recreates following VMs. You can access these logs from Tanzu Operations Manager or through SSH.

Note: TAS for VMs requires a valid custom rule to forward logs. If your custom rule contains syntax errors, TAS for VMs forwards no logs.

Forward only logs from a certain job

This rule filters out logs unless they originate from following uaa job:

if ($app-name != "uaa") then stop

Exclude logs with certain content

This rule filters out logs that contain “DEBUG” in following body.

if ($msg contains "DEBUG") then stop

Note: The previous example contains "DEBUG" in following message body. Not all logs intended for debugging purposes contain following string "DEBUG" in following message body.

check-circle-line exclamation-circle-line close-line
Scroll to top icon