Use the inbuilt problem and alert signatures in vRealize Log Insight for vRealize Orchestrator.

About this task

For monitoring the vRealize Orchestrator deployment in the Software-Defined Data Center, you can use the following alerts in vRealize Log Insight.

Table 1. vRealize Orchestrator Alerts in vRealize Log Insight

| Alert Name | Purpose | Severity |
|---|---|---|
| vRO: Orchestrator STANDBY Alert | The Orchestrator server state switched to STANDBY mode. In general, there could be two reasons: (1) There are enough RUNNING nodes in the cluster, and the current node stays on standby as a backup node, waiting to switch to the RUNNING state if needed. (2) Problems with critical components, such as the database or authentication provider, have been detected that prevent the normal functioning of the server node. The current node is considered unhealthy. The server monitors those critical components and tries to recover as soon as the problems are solved. The current node won't accept any new requests, and all its workflows will be resumed on other healthy nodes. | Critical |
| vRO: Invalid Login Alert | A failed login attempt has been detected. The reason could be wrong credentials used to log in to the server, or there could be a malicious attempt to access the server. | Critical |
| vRO: Orchestrator Reboot Alert | The Orchestrator server has been started or rebooted. The cause could be a planned reboot or the result of an unwanted action. | Critical |
| vRO: Workflow Modification Alert | The content of a workflow has been modified. This could be a planned workflow content update or the result of unwanted malicious actions. | Critical |
| vRO: Orchestrator Workflow Failure Alert | Orchestrator workflow run failures have been detected. This could be due to infrastructure problems with external systems. | Critical |
| vRO: Configuration Modification Alert | Some modifications in the configuration elements of the Orchestrator have been detected. | Critical |

Procedure

  1. Open the vRealize Log Insight user interface.
    1. Open a Web browser and go to the following URL.

      | Region | vRealize Log Insight URL |
      |---|---|
      | Region A | https://vrli-cluster-01.sfo01.rainpole.local |
      | Region B | https://vrli-cluster-51.lax01.rainpole.local |

    2. Log in using the following credentials.

      | Setting | Value |
      |---|---|
      | User name | admin |
      | Password | vrli_admin_password |

  2. In the vRealize Log Insight user interface, click Interactive Analytics.
  3. Click the icon and select Manage Alerts.
  4. Select the alerts that are related to vRealize Orchestrator.
    1. In the search box of the Alerts dialog box, enter vro as a search phrase.
    2. Select the following alerts from the results.

      • vRO: Orchestrator STANDBY Alert
      • vRO: Invalid Login Alert
      • vRO: Orchestrator Reboot Alert
      • vRO: Workflow Modification Alert
      • vRO: Orchestrator Workflow Failure Alert
      • vRO: Configuration Modification Alert

  5. Enable the alerts.
    1. In the Alerts dialog box, click Enable.
    2. In the Enable Alerts dialog box, configure the following alert settings and click Enable.

      For the default object, select the first vRealize Orchestrator virtual appliance.

      | Setting | Region A | Region B |
      |---|---|---|
      | Email | Email address to send alerts to | Email address to send alerts to |
      | Send to vRealize Operations Manager | Selected | Selected |
      | Fallback Object | vra01vro01a | vra01vro01a |
      | Criticality | critical | critical |

  6. In the Alerts dialog box, set the Raise an alert option for each enabled alert.
    1. Click the Edit button on the first enabled vRealize Orchestrator alert.
    2. In the Edit Alert dialog box, under Raise an alert, select On any match, and click Save.
    3. Repeat the steps for the other enabled alerts.
    4. Close the Alerts dialog box.
  7. Repeat the steps on https://vrli-cluster-51.lax01.rainpole.local to enable alerts for vRealize Orchestrator in Region B.