Install and configure the vRealize Log Insight agent on each Workspace ONE Access node to send audit logs and system events to vRealize Log Insight.

To install the vRealize Log Insight agent, you use the .rpm file that you previously downloaded. See Download the vRealize Log Insight Agent.

Table 1. Workspace ONE Access Nodesregion-specific

Type

FQDN

Region-specific

sfo01wsa01.sfo01.rainpole.local

Cross-region

wsa01svr01a.rainpole.local

wsa01svr01b.rainpole.local

wsa01svr01c.rainpole.local

Procedure

  1. Log in to the region-specific Workspace ONE Access instance in Region A by using a Secure Shell (SSH) client.
    Setting Value
    FQDN sfo01wsa01.sfo01.rainpole.local
    User name sshuser
    Password sfo01wsa01_sshuser_password
  2. Change to root user and provide the password at the prompt. 
    su -
  3. Copy the .rpm file of the vRealize Log Insight Linux agent to the /tmp folder on the Workspace ONE Access appliance.

    You can use SCP, FileZilla, or WinSCP.

  4. Run the command to install the agent. 
    rpm -i /tmp/VMware-Log-Insight-Agent-version-build.noarch_192.168.31.10.rpm
  5. Configure the vRealize Log Insight agent on the Workspace ONE Access node.
    1. Edit the liagent.ini file on the Workspace ONE Access node by using a text editor such as vi. 
      vi /var/lib/loginsight-agent/liagent.ini
    2. Locate the [server] section, remove the comments for the following parameters, and insert the following values. 
      [server]
; Log Insight server hostname or ip address
; If omitted the default value is LOGINSIGHT
hostname=sfo01vrli01.sfo01.rainpole.local
; Set protocol to use:
; cfapi - Log Insight REST API
; syslog - Syslog protocol
; If omitted the default value is cfapi
;
proto=cfapi
; Log Insight server port to connect to. If omitted the default value is:
; for syslog: 512
; for cfapi without ssl: 9000
; for cfapi with ssl: 9543
port=9000
;ssl - enable/disable SSL. Applies to cfapi protocol only.
; Possible values are yes or no. If omitted the default value is no.
ssl=no
    3. Press Escape and enter :wq! to save the file.
    4. Run the command to restart the vRealize Log Insight agent on the node. 
      /etc/init.d/liagentd restart
    5. Run the command to verify that the vRelize Log Insight agent is running. 
      /etc/init.d/liagentd status
  6. Repeat the procedure for each cross-region Workspace ONE Access node.