After you install the content pack for vRealize Operations Manager, configure the Log Insight agent on the remote collector nodes of vRealize Operations Manager in Region B to send audit logs and system events to vRealize Log Insight. 

Procedure

  1. On your computer, create a liagent.ini file for each of the 2 remote collector nodes of vRealize Operations Manager in Region B. 

    You can place each file in a node-specific folder.

    1. Create an empty liagent.ini file and paste the following template configuration.
      ; Client-side configuration of VMware Log Insight Agent
      ; See liagent-effective.ini for the actual configuration used by VMware Log Insight Agent
       
      [server]
      ; Log Insight server hostname or ip address
      ; If omitted the default value is LOGINSIGHT
      hostname=<YOUR LOGINSIGHT HOSTNAME HERE>
       
      ; Set protocol to use:
      ; cfapi - Log Insight REST API
      ; syslog - Syslog protocol
      ; If omitted the default value is cfapi
      ;
      ;proto=cfapi
       
      ; Log Insight server port to connect to. If omitted the default value is:
      ; for syslog: 512
      ; for cfapi without ssl: 9000
      ; for cfapi with ssl: 9543
      ;port=9000
       
      ;ssl - enable/disable SSL. Applies to cfapi protocol only.
      ; Possible values are yes or no. If omitted the default value is no.
      ;ssl=no
       
      ; Time in minutes to force reconnection to the server
      ; If omitted the default value is 30
      ;reconnect=30
       
      [storage]
      ;max_disk_buffer - max disk usage limit (data + logs) in MB:
      ; 100 - 2000 MB, default 200
      ;max_disk_buffer=200
       
      [logging]
      ;debug_level - the level of debug messages to enable:
      ; 0 - no debug messages
      ; 1 - trace essential debug messages
      ; 2 - verbose debug messages (will have negative impact on performance)
      ;debug_level=0
       
      [filelog|messages]
      directory=/var/log
      include=messages;messages.?
       
      [filelog|syslog]
      directory=/var/log
      include=syslog;syslog.?
      
      [filelog|COLLECTOR-collector]
      tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"COLLECTOR","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
      directory = /data/vcops/log
      include = collector.log*
      exclude_fields=hostname
      event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
       
      [filelog|COLLECTOR-collector_wrapper]
      tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"COLLECTOR","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
      directory = /data/vcops/log
      include = collector-wrapper.log*
      exclude_fields=hostname
      event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\.\d{3}
       
      [filelog|COLLECTOR-collector_gc]
      directory = /data/vcops/log
      tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"COLLECTOR","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
      include = collector-gc*.log*
      exclude_fields=hostname
      event_marker=^\d{4}-\d{2}-\d{2}[\w]\d{2}:\d{2}:\d{2}\.\d{3}
        
      [filelog|CALL_STACK-call_stack]
      tags = {"vmw_vr_ops_appname":"vROps","vmw_vr_ops_logtype":"CALL_STACK", "vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>","vmw_vr_ops_clusterrole":"Master", "vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>","vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
      directory = /data/vcops/log/callstack
      include = collector*.txt
      exclude_fields=hostname
    2. In the node-specific liagent.ini file, change the following parameters and save the file.

      | Parameter | Description | Location in liagent.ini | Configuration Instructions |
      |---|---|---|---|
      | hostname | IP address or FQDN of the Log Insight VIP | [server] section | Replace <YOUR LOGINSIGHT HOSTNAME HERE> with vrli-cluster-51.lax01.rainpole.local. |
      | proto | Protocol that the agent uses to send events to the Log Insight server. | [server] section | Remove the ; comment in front of the parameter to set the log protocol to cfapi. |
      | port | Communication port that the agent uses to send events to the vRealize Log Insight server. | [server] section | Remove the ; comment in front of the parameter to set the port to 9000. |
      | vmw_vr_ops_clustername | Name of the vRealize Operations Manager cluster | each [filelog\|section_name] section | Replace each <YOUR CLUSTER NAME HERE> with vrops-cluster-01. |
      | vmw_vr_ops_clusterrole | Role of the vRealize Operations Manager node | each [filelog\|section_name] section | Set to Remote Collector. |
      | vmw_vr_ops_hostname | IP address or FQDN of the vRealize Operations Manager node | each [filelog\|section_name] section | Replace each <YOUR VROPS HOSTNAME HERE> with the following FQDN: vrops-rmtcol-51.lax01.rainpole.local for remote collector 1; vrops-rmtcol-52.lax01.rainpole.local for remote collector 2 |
      | vmw_vr_ops_nodename | Name of the vRealize Operations Manager node that is set during node initial configuration | each [filelog\|section_name] section | Replace each <YOUR NODE NAME HERE> with the following name: vrops-rmtcol-51 for remote collector 1; vrops-rmtcol-52 for remote collector 2 |

      You change the [server] section as follows.

      [server]
      ; Log Insight server hostname or ip address
      ; If omitted the default value is LOGINSIGHT
      hostname=vrli-cluster-51.lax01.rainpole.local
      ; Set protocol to use:
      ; cfapi - Log Insight REST API
      ; syslog - Syslog protocol
      ; If omitted the default value is cfapi
      ;
      proto=cfapi
      ; Log Insight server port to connect to. If omitted the default value is:
      ; for syslog: 512
      ; for cfapi without ssl: 9000
      ; for cfapi with ssl: 9543
      port=9000
      ;ssl - enable/disable SSL. Applies to cfapi protocol only.
      ; Possible values are yes or no. If omitted the default value is no.
      ;ssl=no
      ; Time in minutes to force reconnection to the server
      ; If omitted the default value is 30
      ;reconnect=30

      For example, on the remote collector node vrops-rmtcol-51 you change the [filelog|ANALYTICS-analytics] section that is related to the log files of the analytics module as follows.

      [filelog|ANALYTICS-analytics]
      tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"COLLECTOR","vmw_vr_ops_clustername":"vrops-cluster-51", "vmw_vr_ops_clusterrole":"Remote Collector","vmw_vr_ops_nodename":"vrops-rmtcol-51", "vmw_vr_ops_hostname":"vrops-rmtcol-51.lax01.rainpole.local"}
      directory = /data/vcops/log
      include = analytics*.log*
      exclude_fields=hostname
  2. Enable SSH on each node of vRealize Operations Manager.
    1. Open a Web browser and go to https://mgmt01vc51.lax01.rainpole.local/vsphere-client .
    2. Log in using the following credentials.

      | Setting | Value |
      |---|---|
      | User name | administrator@vsphere.local |
      | Password | vsphere_admin_password |

    3. Under the mgmt01vc51.lax01.rainpole.local vCenter Server, navigate to the virtual appliance for the node.

      | Virtual Appliance Name | Role |
      |---|---|
      | vrops-rmtcol-51 | Remote collector 1 |
      | vrops-rmtcol-52 | Remote collector 2 |

    4. Right-click the appliance node and select Open Console to open the remote console to the appliance.
    5. Press ALT+F1 to switch to the command prompt.
    6. Log in using the following credentials.

      | Setting | Value |
      |---|---|
      | User name | root |
      | Password | vrops_root_password |

    7. Start the SSH service by running the following command.
      service sshd start
    8. Close the virtual appliance console.
  3. Apply the Log Insight agent configuration. 
    1. On the appliance, replace the liagent.ini file in the /var/lib/loginsight-agent folder with the node-specific file on your computer.

      You can use scp, FileZilla or WinSCP.

    2. Restart the Log Insight agent on the node by running the following console command as the root user.
      /etc/init.d/liagentd restart
    3. Stop the SSH service on the virtual appliance by running the following command. 
      service sshd stop
  4. Repeat the steps for the second remote collector node.
  5. Configure the Linux Agent Group for the vRealize Operations Manager components from the vRealize Log Insight Web user interface.
    1. Open a Web browser and go to https://vrli-cluster-51.lax01.rainpole.local.
    2. Log in using the following credentials.

      | Setting | Value |
      |---|---|
      | User name | admin |
      | Password | vrli_admin_password |

    3. Click the configuration drop-down menu icon and select Administration.
    4. Under Management, click Agents.
    5. From the drop-down menu on the top, select vRops 6.x - Sample from the Available Templates section.
    6. Click Copy Template.
    7. In the Copy Agent Group dialog box, enter vRops6 - Agent Group in the name field and click Copy.
    8. In the agent filter fields, enter the following values pressing Enter after each host name.

      | Filter | Operator | Value |
      |---|---|---|
      | Hostname | matches | vrops-rmtcol-51.lax01.rainpole.local |
      |  |  | vrops-rmtcol-52.lax01.rainpole.local |

    9. Click Refresh and verify that all the agents in the filter appear in the Agents list.
    10. Click Save New Group at the bottom of the page.
    11. Click the Dashboard tab and select the VMware - vRops 6.x dashboard from the drop-down menu on the left.

Results

You see log information about the operation of the remote collectors of vRealize Operations Manager in Region B on the VMware - vROps 6.x Log Insight dashboards.
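
The per-node edits from step 1 can be scripted and checked before a file is copied to an appliance. The following Python sketch is an added example, not part of the VMware procedure: it works on a constructed excerpt of the template (the [server] section and one filelog section), takes its values from the parameter table, and the function names render and check are hypothetical.

```python
import json
import re

# Constructed excerpt of the page's template: [server] plus one filelog section.
TEMPLATE = """\
[server]
hostname=<YOUR LOGINSIGHT HOSTNAME HERE>
;proto=cfapi
;port=9000
;ssl=no

[filelog|COLLECTOR-collector]
tags = {"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_logtype":"COLLECTOR","vmw_vr_ops_clustername":"<YOUR CLUSTER NAME HERE>", "vmw_vr_ops_clusterrole":"Master","vmw_vr_ops_nodename":"<YOUR NODE NAME HERE>", "vmw_vr_ops_hostname":"<YOUR VROPS HOSTNAME HERE>"}
directory = /data/vcops/log
include = collector.log*
"""
VRLI, CLUSTER = "vrli-cluster-51.lax01.rainpole.local", "vrops-cluster-01"  # from the table
NODES = {"vrops-rmtcol-51": "vrops-rmtcol-51.lax01.rainpole.local",
         "vrops-rmtcol-52": "vrops-rmtcol-52.lax01.rainpole.local"}

def render(node, fqdn):
    """Apply the parameter table's edits to TEMPLATE for one remote collector."""
    subs = {"LOGINSIGHT HOSTNAME": VRLI, "CLUSTER NAME": CLUSTER,
            "NODE NAME": node, "VROPS HOSTNAME": fqdn}
    text = re.sub(r"<YOUR ([A-Z ]+) HERE>", lambda m: subs[m.group(1)], TEMPLATE)
    text = text.replace('"vmw_vr_ops_clusterrole":"Master"',
                        '"vmw_vr_ops_clusterrole":"Remote Collector"')
    # Activate proto and port only; ssl stays commented, as in the page's [server] result.
    return re.sub(r"^;(proto|port)=", r"\1=", text, flags=re.M)

def check(text, node, fqdn):
    """Return a list of problems; empty means the file is ready to copy to the node."""
    problems = []
    if re.search(r"<YOUR [A-Z ]+ HERE>", text):
        problems.append("unreplaced placeholder")
    for setting in (f"hostname={VRLI}", "proto=cfapi", "port=9000"):
        if not re.search(rf"^{re.escape(setting)}$", text, flags=re.M):
            problems.append(f"[server] {setting} is not active")
    for line in text.splitlines():
        if line.startswith("tags"):
            tags = json.loads(line.split("=", 1)[1])  # tags value must be valid JSON
            expected = {"vmw_vr_ops_clusterrole": "Remote Collector",
                        "vmw_vr_ops_nodename": node, "vmw_vr_ops_hostname": fqdn}
            problems += [f"tag {k} is {tags.get(k)!r}" for k, v in expected.items()
                         if tags.get(k) != v]
    return problems

if __name__ == "__main__":
    for node, fqdn in NODES.items():
        print(node, check(render(node, fqdn), node, fqdn) or "ok")
```

Running check against the file prepared for the other node reports the mismatched vmw_vr_ops_nodename and vmw_vr_ops_hostname tags, which catches a swapped file before step 3.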