The svc-vrli service account is dedicated to collecting log information from vCenter Server and ESXi.  Assign global permissions to the svc-vrli service account to collect log information from the vCenter Server instances and ESXi hosts with vRealize Log Insight.


  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://sfo01m01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.



      User name




  2. From the Home menu, select Administration.
  3. Under Access Control, click Roles
  4. Create a custom role for vRealize Log Insight. 
    1. Select Read-only and click the Clone icon.

      You clone the Read-only role because it includes the System > AnonymousSystem > View, and System > Read privileges. vRealize Log Insight requires those privileges for accessing log information related to the vCenter Server instances.

    2. In the Clone Role Read-only dialog box, complete the configuration of the role and click OK



      Role name

      Log Insight User


      • Host > Configuration > Advanced settings

      • Host > Configuration > Change settings

      • Host > Configuration > Network configuration

      • Host > Configuration > Security profile and firewall

      These privileges allow vRealize Log Insight to configure the syslog service on the ESXi hosts.

      The Log Insight User role is propagated to other linked vCenter Server instances.

  5. Assign global permissions to the svc-vrli@rainpole.local service account.
    1. In the vSphere Web Client, select Administration from the Home menu and click Access Control > Global Permissions.
    2. On the Manage tab, click Add Permission
    3. In the Global Permissions Root - Add Permission dialog box, click Add to associate a user or a group with a role. 
    4. In the Select Users/Groups dialog box, from the Domain drop-down menu, select rainpole.local, in the filter box type svc, and press Enter. 
    5. From the list of users and groups, select the svc-vrli user, click Add, and click OK.
    6. In the Add Permission dialog box, from the Assigned Role drop-down menu, select Log Insight User, select Propagate to children, and click OK.

      The global permissions of the svc-vrli@rainpole.local user propagate to all vCenter Server instances.