After you install the content pack for vRealize Operations Manager, configure the Log Insight agent on the remote collector nodes of vRealize Operations Manager in Region B to send audit logs and system events to vRealize Log Insight. 

Procedure

Configure the Log Insight agent in vRealize Operation Manager.
  1. Open an SSH connection to the vRealize Operations Manager appliances using the following settings.

    Setting

    Value

    Hostname

    • nyc01vropsc01a.rainpole.local

    • nyc01vropsc01b.rainpole.local

    User name

    root

    Password

    vrops_root_password

  2. Edit the liagent.ini file on each vRealize Operations Manager node using a text editor such as vi.
    vi /var/lib/loginsight-agent/liagent.ini
  3. Locate the [server] section and uncomment the following parameters.
    [server] 
    ; Log Insight server hostname or ip address 
    ; If omitted the default value is LOGINSIGHT 
    hostname=nyc01vrli01.rainpole.local 
    ; Set protocol to use: 
    ; cfapi - Log Insight REST API 
    ; syslog - Syslog protocol 
    ; If omitted the default value is cfapi 
    proto=cfapi 
    ; Log Insight server port to connect to. If omitted the default value is: 
    ; for syslog: 512 
    ; for cfapi without ssl: 9000 
    ; for cfapi with ssl: 9543 
    port=9000 
    ;ssl - enable/disable SSL. Applies to cfapi protocol only. 
    ; Possible values are yes or no. If omitted the default value is no. 
    ssl=no 
    ; Time in minutes to force reconnection to the server 
    ; If omitted the default value is 30 
    ;reconnect=30
  4. After the [server] section, add the following block on each vRealize Operations Manager Remote Collector node.
    [common|global]
    tags={"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_clustername":"vrops01svr01arainpolelocal", "vmw_vr_ops_clusterrole":"Remote Collector", "vmw_vr_ops_nodename":"<Your vROPS Node Name Here>", "vmw_vr_ops_hostname":"<Your vROPS Hostname Here>"}
  5. Modify the following parameters for each node.

    Parameter

    Description

    Location in liagent.ini

    vmw_vr_ops_nodename

    IP address or FQDN of the vRealize Operations Manager node

    Replace each <Your VROPS Node Name Here> with the following names:

    • nyc01vropsc01a

    • nyc01vropsc01b

    vmw_vr_ops_hostname

    Name of the vRealize Operations Manager node that is set during node initial configuration

    Replace each <Your VROPS Hostname Here> with the following names:

    • nyc01vropsc01a.rainpole.local

    • nyc01vropsc01b.rainpole.local

    For example, on the first remote collector node you change the [common|global] section to add context to the logs that are sent to the vRealize Log Insight cluster:

    [common|global] 
    tags={"vmw_vr_ops_appname":"vROps", "vmw_vr_ops_clustername":"vrops01svr01arainpolelocal", "vmw_vr_ops_clusterrole":"Remote Collector", "vmw_vr_ops_nodename":"nyc01vropsc01a", "vmw_vr_ops_hostname":"nyc01vropsc01a.rainpole.local"}
  6. After the [common|global] section, add the following block on each vRealize Operations Manager Remote Collector node.
    [filelog|COLLECTOR]
    event_marker = ^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
    directory = /usr/lib/vmware-vcops/user/log
    include = collector*.log*
    tags = {"vmw_vr_ops_logtype":"COLLECTOR"}
    exclude = collector-wrapper.log*;collector-gc*.log*
    
    [filelog|COLLECTOR-GC]
    include = collector-gc-*.log*
    directory = /usr/lib/vmware-vcops/user/log
    event_marker = ^\d{4}-\d{2}-\d{2}
    tags = {"vmw_vr_ops_logtype":"COLLECTOR"}
    
    [filelog|COLLECTOR_wrapper]
    tags = {"vmw_vr_ops_logtype":"COLLECTOR"}
    directory = /usr/lib/vmware-vcops/user/log
    include = collector-wrapper.log*
    event_marker = ^[DEBUG|ERROR|FATAL|INFO|TRACE|WARN|STATUS ]
    
    [filelog|ADAPTERS]
    include = *.log*
    event_marker = ^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
    tags = {"vmw_vr_ops_logtype":"ADAPTER"}
    directory = /data/vcops/log/adapters/*
    
    [filelog|SUITEAPI]
    include = api.log*;http_api.log*;profiling_api.log*;api-gc.log*
    event_marker = ^\d{4}-\d{2}-\d{2}
    tags = {"vmw_vr_ops_logtype":"SUITEAPI"}
    directory = /usr/lib/vmware-vcops/user/log
    
    [filelog|SUITEAPI-api]
    directory = /usr/lib/vmware-vcops/user/log/suite-api
    tags = {"vmw_vr_ops_logtype":"SUITEAPI"}
    event_marker = ^\d{2}-\w{3}-\d{4}[\s]\d{2}:\d{2}:\d{2}\.\d{3}
    include = catalina*.log*;localhost*.log*
    
    [filelog|ADMIN_UI-casa-catalina]
    event_marker = ^\w{3}[\s]\d{1,}
    directory = /usr/lib/vmware-vcops/user/log/casa
    tags = {"vmw_vr_ops_logtype":"ADMIN_UI"}
    include = catalina.out
    
    [filelog|ADMIN_UI-casa]
    directory = /usr/lib/vmware-vcops/user/log/casa
    tags = {"vmw_vr_ops_logtype":"ADMIN_UI"}
    include = *.log*
    event_marker = ^\d{4}-\d{2}-\d{2}
    exclude = catalina*;localhost*
    
    [filelog|ADMIN_UI-casa-catalina-log-localhost-log]
    include = catalina.*.log;localhost.*.log
    exclude = localhost_access_log.*
    tags = {"vmw_vr_ops_logtype":"ADMIN_UI"}
    event_marker = ^\d{2}-\w{3}-\d{4}[\s]
    directory = /usr/lib/vmware-vcops/user/log/casa
    
    [filelog|ADMIN_UI-localhost_access]
    directory = /usr/lib/vmware-vcops/user/log/casa
    include = localhost_access_log.*
    tags = {"vmw_vr_ops_logtype":"ADMIN_UI"}
    
    [filelog|TOMCAT_WEBAPP]
    tags = {"vmw_vr_ops_logtype":"TOMCAT_WEBAPP"}
    include = localhost_access_log.*.txt
    directory = /data/vcops/log/product-ui
    
    [filelog|CALL_STACK]
    event_marker = ^[^\s]
    tags = {"vmw_vr_ops_logtype":"CALL_STACK"}
    include = collector*.txt
    directory = /usr/lib/vmware-vcops/user/log/callstack
    
    [filelog|GEMFIRE]
    event_marker = ^\d{4}-\d{2}-\d{2}
    include = gemfire*.log*
    tags = {"vmw_vr_ops_logtype":"GEMFIRE"}
    directory = /usr/lib/vmware-vcops/user/log
    
    [filelog|GEMFIRE-2]
    tags = {"vmw_vr_ops_logtype":"GEMFIRE"}
    directory = /usr/lib/vmware-vcops/user/log
    include = gemfire-locator*.log;gemfire_vRealize*.log
    event_marker = ^\[
    exclude = *.marker;*.gfs;*wrapper.log*;gemfire-wrapper.log*
    
    [filelog|OTHER-watchdog-log]
    directory = /usr/lib/vmware-vcops/user/log/vcops-watchdog
    tags = {"vmw_vr_ops_logtype":"OTHER"}
    event_marker = ^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
    include = vcops-watchdog*.log
    
    [filelog|OTHER-misc]
    directory = /usr/lib/vmware-vcops/user/log
    event_marker = ^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}
    include = system-exit-*.log;zeroTimestampLogger-*.log;vcopsConfigureRoles.log*;cassandradbupgrade.log;centralsqldbupgrade.log;dbupgrade.log;restartHttpd.log;activate_web_certificate.log;oom-handlercassandra.log;ip_version_configurator_*.log;upgradeVsutilitiesConfigs.py.log;hisdbupgrade.log;installer-tools.log;his-lock-trace-*.log;actions-data-*.log;LRUCacheProfiler-*.log*;datapurging-*.log.*;setVSUtilitiesPermissions.py.log;hafailover-*.log;deletedMetricKeys-*.log;placement-*.log;bm-controller.log;cassandraquery-*.log;cassandradriver-*.log;shardingManager-*.log;fsdbaccessor-*.log;actionScheduler-*.log;casa.audit*.log*;function-invocation-counter-*.log;onlineCapacity-*.log;functioncalls-*.log;opsapi.audit*.log*;distributed*.log*
    tags = {"vmw_vr_ops_logtype":"OTHER"}
    
    [filelog|OTHER-misc-singlelines]
    include = evn-checker.log*;delete_tomcat_logs.log;tomcat-enterprise-wrapper.log;metagemfire*.
    log*;ui-gc.log.*
    tags = {"vmw_vr_ops_logtype":"OTHER"}
    directory = /usr/lib/vmware-vcops/user/log
    
    [filelog|OTHER-TELEMETRY]
    include = telemetry.log*
    directory = /usr/lib/vmware-vcops/user/log
    event_marker = ^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}
    tags = {"vmw_vr_ops_logtype":"TELEMETRY"}
    Note:

    Ensure that there are no extra carriage returns after a long line. Each [] section must have lines in a value = value format, example tags = {"something"}. Pay close attention to the [filelog|OTHER-misc] section's include.

  7. Press Escape and enter :wq! to save the file.
  8. Restart the Log Insight agent on node by running the following console command.
    /etc/init.d/liagentd restart
  9. Verify that the Log Insight agent is running.
    /etc/init.d/liagentd status
  10. Repeat the steps for the second remote collector node.

Results

You see log information about the operation of the remote collectors of vRealize Operations Manager in ROBO on the VMware - vROps 6.7 Log Insight dashboards.