You enable log forwarding from vRealize Log Insight in the ROBO to vRealize Log Insight in Region A and Region B to avoid losing ROBO-related logs in the event of disaster.

About this task

You provide the following settings for log forwarding to vRealize Log Insight in Region B:

  • Inject the SSL certificate for Region A and B in the Java keystore of each vRealize Log Insight node in ROBO.

  • Target URL, protocol and tagging 

  • Disk cache

    Disk cache represents the amount of local disk space to reserve for buffering events that you configure to be forwarded. Buffering is used when the remote destination is unavailable or unable to process the events being sent to it. If the local buffer becomes full and the remote destination is still unavailable, then the oldest local events are dropped and not forwarded to the remote destination even when the remote destination is back online. 

Procedure

  1. Import the root certificate from the vRealize Log Insight instance in Region A of the hub in the Java keystore on each vRealize Log Insight node in the ROBO.
    1. Open an SSH session to the vRealize Log Insight node.

      Name

      Role

      nyc01vrli01.rainpole.local

      Master node

      nyc01vrli02.rainpole.local

      Worker node 1

      nyc01vrli03.rainpole.local

      Worker node 2

    2. Log in using the following credentials.

      Setting

      Value

      User name

      root

      Password

      vrli_regionA_root_password

    3. Create a working directory on the vRealize Log Insight node.
      mkdir /tmp/ssl
      cd /tmp/ssl
    4. Extract the root certificate from the destination vRealize Log Insight in the hub.
      echo "" | openssl s_client -showcerts -servername vrli-mstr-01.sfo01.rainpole.local -connect vrli-mstr-01.sfo01.rainpole.local:443 -prexit 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > cert.pem 
      
      csplit -f individual- cert.pem '/-----BEGIN CERTIFICATE-----/' '{*}'
      
      root_cert=$(ls individual-* | sort -n -t- | tail -1)
      
      cp -f -- "$root_cert" root.crt
    5. Import the root.crt in the Java keystore of the vRealize Log Insight node.
      cd /usr/java/default/lib/security/ 
      
      ../../bin/keytool -import -alias loginsight -file /tmp/ssl/root.crt -keystore cacerts
    6. When prompted for a keystore password, type changeit
    7. When prompted to accept the certificate, type yes .
  2. Run reboot to restart the appliance.
  3. Repeat 1 to 2 on the other vRealize Log Insight nodes in the ROBO.

    Wait until all appliances are running again.

  4. Log in to the vRealize Log Insight user interface.
    1. Open a Web browser and go to https://nyc01vrli01-cluster01.rainpole.local.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      vrli_admin_password

  5. In the vRealize Log Insight user interface, click the configuration drop-down menu icon  and select Administration.
  6. Under Management, click Event Forwarding.
  7. On the Event Forwarding page, click New Destination and enter the following forwarding settings in the New Destination dialog box. 

    Forwarding Destination Setting

    Value

    Name

    NYC01 to SFO01

    Host

    vrli-cluster-01.sfo01.rainpole.local

    Protocol

    Ingestion API

    Use SSL

    Selected

    Tags

    site='NYC01'

    Advanced Settings

    Port

    9543

    Disk Cache

    2000 MB

    Worker Count

    8

     



  8. In the New Destination dialog box, click Test to verify that the connection settings are correct.
  9. Click Save to save the forwarding new destination.

Results

The Event Forwarding page in the vRealize Log Insight user interface starts showing a summary of the forwarded events.