As the second task in the scenario, you configure a Linux VM to receive all event logs in the vRealize Log Insight server. You can then explore the events in the vRealize Log Insight dashboards.

Prerequisites

Enable Secure Shell (SSH) on the Linux virtual machine that you want to forward logs from.

Procedure

  1. Download the Log Insight Agent for Linux to a Windows host that has access to your data center.
    1. Click the configuration icon and select Administration.
    2. Under Management, click Agents.
    3. On the Agents page, click the Download Log Insight Agent link.
    4. In the Download Log Insight Agent dialog box, click the link for the Linux distribution.
  2. Copy the Log Insight Agent file from the host to the Linux VM.

    You can use scp software.

  3. Install the Log Insight Agent on the Linux virtual machine
    1. Open an SSH connection to the Linux VM.
    2. Install the Log Insight Agent package using the command for your Linux distribution.

      For example:

      rpm -ivh VMware-Log-Insight-Agent-4.4.0-5339860.noarch_192.168.31.10.rpm
    3. Stop the Log Insight agent.
      /etc/init.d/liagentd stop
    4. Edit the liagent.ini file using a text editor such as vi.
      vi /var/lid/loginsight-agent/liagent.ini
    5. Add the following information to the [server] section.
      [server]
      hostname = sfo01vrli01.sfo01.rainpole.local
      proto = cfapi
      port = 9000
      ssl = no
    6. Press ESC and enter :wq! to save the file.
    7. Start the Log Insight agent.
      /etc/init.d/liagentd start
    8. Verify that the Log Insight agent is running.
      /etc/inti.d/liagentd status
  4. Install the vRealize Log Insight Content Pack for Linux.
    1. In the vRealize Log Insight user interface, click the configuration icon and select Content Packs.
    2. Under Content Pack Marketplace, select Marketplace.
    3. In the list of content packs, locate the Linux content pack and click its icon.
    4. In the Install Content Pack dialog box, click Install.
  5. Log in to the vRealize Log Insight user interface.
    1. Open a Web browser and go to https://sfo01vrli01.sfo01.rainpole.local.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      vrli_admin_password

  6. Configure an agent group for Log Insight Linux Agents from the vRealize Log Insight Web user interface.
    1. On the Log Insight Web user interface, click the configuration icon and select Administration.
    2. Under Management, click Agents.
    3. From the drop-down menu at the top, select Linux from the Available Templates section.
    4. Click Copy Template.
    5. In the Copy Agent Group dialog box, enter Linux Agent Group in the Name text box and click Copy.
    6. In the agent filter text boxes, use the following selections and click Save New Group.

      Filter

      Operator

      Value

      OS

      starts with

      CentOS

  7. Verify that the vRealize Log Insight server is receiving the log events from the Linux VM.
    1. Click Dashboards.
    2. In the vRealize Log Insight user interface, select General from the Content Pack Dashboards drop-down menu.
    3. Click Log Insight Agents in the left pane.
    4. (Optional) Configure specific host events by selecting hostname and criteria starts with and entering the host name.