Assign global permissions to the svc-vrli-vsphere service account to collect log information from the vCenter Server instances and ESXi hosts with vRealize Log Insight. The svc-vrli-vsphere user account is dedicated to collecting log information from vCenter Server and ESXi. 

Procedure

  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://sfo01w01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

  2. From the Home menu, select Administration and click Roles under Access Control.
  3. Create a role for vRealize Log Insight. 
    1. From Roles provider drop-down menu, select sfo01w01vc01.sfo01.rainpole.local
    2. Select Read-only and click the Clone role action icon.

      You clone the Read-only role because it includes the System > AnonymousSystem > View, and System > Read privileges. vRealize Log Insight requires those privileges for accessing log information related to the vCenter Server instances.

    3. In the Clone Role Read-only dialog box, complete the configuration of the role and click OK

      Setting

      Description

      Role name

      vRealize Log Insight User

      Privilege

      • Host > Configuration > Advanced settings

      • Host > Configuration > Change settings

      • Host > Configuration > Network configuration

      • Host > Configuration > Security profile and firewall

      These host privileges allow vRealize Log Insight to configure the syslog service on the ESXi hosts.

      Note:

      The vRealize Log Insight User role is propagated to other linked vCenter Server instances.

  4. Assign global permissions to the svc-vrli-vsphere@rainpole.local service account.
    1. In the vSphere Web Client, select Administration from the Home menu and click Global Permissions under Access Control.
    2. On the Manage tab, click Add Permission
    3. In the Global Permissions Root - Add Permission dialog box, click Add to associate a user or a group with a role. 
    4. In the Select Users/Groups dialog box, from the Domain drop-down menu, select rainpole.local, in the filter box type svc, and press Enter. 
    5. From the list of users and groups, select the svc-vrli-vsphere user, click Add, and click OK.
    6. In the Add Permission dialog box, from the Assigned Role drop-down menu, select vRealize Log Insight User, select Propagate to children, and click OK.
      Note:

      The global permissions of the svc-vrli-vsphere@rainpole.local user propagate to all vCenter Server instances.