You enable log forwarding from vRealize Log Insight in Region A to vRealize Log Insight in Region B to prevent loss of Region A-related logs in the event of a disaster.

Provide the following settings for log forwarding to vRealize Log Insight in Region B:
  • Inject the vRealize Log Insight SSL certificate for Region B into the Java keystore of vRealize Log Insight node in Region A.
  • Target URL, protocol, and tagging.
  • Disk cache

    Disk cache represents the amount of local disk space you can configure to reserve for buffering events to be forwarded. Buffering is used when the remote destination is unavailable or unable to process the events sent to it. If the local buffer becomes full while the remote destination is still unavailable, the oldest local events are dropped and not forwarded to the remote destination. 

Procedure

  1. Import the SSL certificate of vRealize Log Insight for Region B into the Java keystore of vRealize Log Insight node in Region A.
    1. Open an SSH session to the vRealize Log Insight node.
      Name Role
      sfo01vrli01a.sfo01.rainpole.local Master node
      sfo01vrli01b.sfo01.rainpole.local Worker node 1
      sfo01vrli01c.sfo01.rainpole.local Worker node 2
    2. Log in using the following credentials.
      Setting Value
      User name root
      Password vrli_regionA_root_password
    3. Create a working directory on the vRealize Log Insight node. 
      mkdir /tmp/ssl 
cd /tmp/ssl
    4. Extract the root certificate from the destination vRealize Log Insight in the Region B. 
      echo "" | openssl s_client -showcerts -servername lax01vrli01a.lax01.rainpole.local -connect lax01vrli01a.lax01.rainpole.local:443 -prexit 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > cert.pem
csplit -f individual- cert.pem '/-----BEGIN CERTIFICATE-----/' '{*}' 
root_cert=$(ls individual-* | sort -n -t- | tail -1)
cp -f -- "$root_cert" root.crt
    5. Import the root.crt file in the Java keystore of the vRealize Log Insight node. 
      cd /usr/java/default/lib/security/ 

../../bin/keytool -import -alias loginsight -file /tmp/ssl/root.crt -keystore cacerts
    6. Enter changeit, when prompted for a keystore password.
    7. Enter yes, when prompted to accept the certificate.
    8. Reboot the vRealize Log Insight node by running the following command. 
      reboot
    9. Wait until the vRealize Log Insight node finishes rebooting.
    10. Repeat this operation on all vRealize Log Insight nodes in Region A.
  2. Log in to the vRealize Log Insight user interface.
    1. Open a Web browser and go to https://sfo01vrli01.sfo01.rainpole.local.
    2. Log in using the following credentials.
      Setting Value
      User name admin
      Password deployment_admin_password
  3. In the vRealize Log Insight user interface, click the configuration drop-down menu icon  and select Administration.
  4. Under Management, click Event Forwarding.
  5. On the Event Forwarding page, click New Destination and in the New Destination dialog box, enter the following forwarding settings. 
    Forwarding Destination Setting Value
    Name SFO01 to LAX01
    Host lax01vrli01.lax01.rainpole.local
    Protocol Ingestion API
    Use SSL Selected
    Tags site=SFO01
    Advanced Settings
    Port 9543
    Disk Cache 2000 MB
    Worker Count 8
  6. In the New Destination dialog box, click Test to verify that the connection settings are correct.
  7. Click Save to save the forwarding new destination.

Results

The Event Forwarding page in the vRealize Log Insight user interface starts showing a summary of the forwarded events.