You enable log forwarding from vRealize Log Insight in Region B to vRealize Log Insight in Region A to prevent lost of Region B related logs in the event of a disaster.

About this task

You provide the following settings for log forwarding to vRealize Log Insight in Region A:

  • Inject the vRealize Log Insight's SSL certificate for Region A into the Java keystore of vRealize Log Insight node in Region B.

  • Target URL, protocol and tagging 

  • Filtering

    Add a filter to avoid forwarding log events back to the Log Insight deployment in Region A. Using a filter prevents from looping when the Log Insight deployments in Region A and Region B forward logs to each other. 

     

  • Disk cache

    Disk cache represents the amount of local disk space you can configure to reserve for buffering events to be forwarded. Buffering is used when the remote destination is unavailable or unable to process the events sent to it. If the local buffer becomes full and the remote destination is still unavailable, the oldest local events are dropped and not forwarded to the remote destination.

Procedure

  1. Import the root certificate in the Java keystore on each vRealize Log Insight node in Region B.
    1. Open an SSH session and go to the vRealize Log Insight node.

      Name

      Role

      lax01vrli01a.lax01.rainpole.local

      Master node

      lax01vrli01b.lax01.rainpole.local

      Worker node 1

      lax01vrli01c.lax01.rainpole.local

      Worker node 2

    2. Log in using the following credentials.

      Name

      Role

      User name

      root

      Password

      vrli_regionB_root_password

    3. Create a working directory on the vRealize Log Insight node.
      mkdir /tmp/ssl
      cd /tmp/ssl
    4. Extract the root certificate from the destination vRealize Log Insight in Region A.
      echo "" | openssl s_client -showcerts -servername sfo01vrli01a.sfo01.rainpole.local -connect sfo01vrli01a.sfo01.rainpole.local:443 -prexit 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > cert.pem
      csplit -f individual- cert.pem '/-----BEGIN CERTIFICATE-----/' '{*}'
      root_cert=$(ls individual-* | sort -n -t- | tail -1)
      cp -f -- "$root_cert" root.crt
    5. Import the root.crt in the Java keystore of the vRealize Log Insight node.
      cd /usr/java/default/lib/security/ 
      ../../bin/keytool -import -alias loginsight -file /tmp/ssl/root.crt -keystore cacerts
    6. When prompted for a keystore password, type changeit.
    7. When prompted to accept the certificate, type yes.
    8. Reboot the vRealize Log Insight node by executing the following command
      reboot
    9. Wait until the vRealize Log Insight node finished rebooting.
    10. Repeat this operation on all vRealize Log Insight nodes in Region B.
  2. Log in to the vRealize Log Insight user interface.
    1. Open a Web browser and go to https://lax01vrli01.lax01.rainpole.local.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      vrli_admin_password

  3. In the vRealize Log Insight user interface, click the configuration drop-down menu icon  and select Administration.
  4. Under Management, click Event Forwarding.
  5. On the Event Forwarding page, click New Destination and enter the following forwarding settings in the New Destination dialog box.

    Forwarding Destination Option

    Value

    Name

    LAX01 to SFO01

    Host

    sfo01vrli01.sfo01.rainpole.local

    Protocol

    Ingestion API

    Use SSL

    Selected

    Tags

    site='LAX01'

    Filter

    Filter Type

    site

    Operator

    does not match

    Value

    'SFO01'

    Advanced Settings

    Port

    9543

    Disk Cache

    2000 MB

    Worker Count

    8

  6. In the New Destination dialog box, click Test to verify that the connection settings are correct.
  7. Click Save to save the forwarding new destination.

Results

The Event Forwarding page in the vRealize Log Insight user interface starts showing a summary of the forwarded events.