Install and configure the vRealize Log Insight agent on each Workspace ONE Access node to send audit logs and system events to vRealize Log Insight.

To install the vRealize Log Insight agent, you use the .rpm file that you previously downloaded. See Download the vRealize Log Insight Agent.

Table 1. Workspace ONE Access Nodesregion-specific

Type	FQDN
Region-specific	sfo01wsa01.sfo01.rainpole.local
Cross-region	wsa01svr01a.rainpole.local
	wsa01svr01b.rainpole.local
	wsa01svr01c.rainpole.local

1. Log in to the region-specific Workspace ONE Access instance in Region A by using a Secure Shell (SSH) client.

   Setting	Value
   FQDN	sfo01wsa01.sfo01.rainpole.local
   User name	sshuser
   Password	sfo01wsa01_sshuser_password

2. Change to root user and provide the password at the prompt.

   su -

3. Copy the .rpm file of the vRealize Log Insight Linux agent to the /tmp folder on the Workspace ONE Access appliance.

   You can use SCP, FileZilla, or WinSCP.

4. Run the command to install the agent.

   rpm -i /tmp/VMware-Log-Insight-Agent-version-build.noarch_192.168.31.10.rpm

5. Configure the vRealize Log Insight agent on the Workspace ONE Access node.
   1. Edit the liagent.ini file on the Workspace ONE Access node by using a text editor such as vi.

      vi /var/lib/loginsight-agent/liagent.ini

   2. Locate the [server] section, remove the comments for the following parameters, and insert the following values.

      [server]
      ; Log Insight server hostname or ip address
      ; If omitted the default value is LOGINSIGHT
      hostname=sfo01vrli01.sfo01.rainpole.local
      ; Set protocol to use:
      ; cfapi - Log Insight REST API
      ; syslog - Syslog protocol
      ; If omitted the default value is cfapi
      ;
      proto=cfapi
      ; Log Insight server port to connect to. If omitted the default value is:
      ; for syslog: 512
      ; for cfapi without ssl: 9000
      ; for cfapi with ssl: 9543
      port=9000
      ;ssl - enable/disable SSL. Applies to cfapi protocol only.
      ; Possible values are yes or no. If omitted the default value is no.
      ssl=no

   3. Press Escape and enter :wq! to save the file.
   4. Run the command to restart the vRealize Log Insight agent on the node.

      /etc/init.d/liagentd restart

   5. Run the command to verify that the vRelize Log Insight agent is running.

      /etc/init.d/liagentd status

6. Repeat the procedure for each cross-region Workspace ONE Access node.