Assign global permissions to the svc-vrli-vsphere service account so that vRealize Log Insight can collect log information from the vCenter Server instances and ESXi hosts. The svc-vrli-vsphere user account is dedicated to collecting log information from vCenter Server and ESXi.

Procedure

  1. In a Web browser, log in to vCenter Server by using the vSphere Client.
    | Setting | Value |
    |---|---|
    | URL | https://sfo01m01vc01.sfo01.rainpole.local/ui |
    | User name | administrator@vsphere.local |
    | Password | vsphere_admin_password |
  2. Select Menu > Administration.
  3. In the left pane, select Access control > Roles.
  4. From the Roles provider drop-down menu, select sfo01m01vc01.sfo01.rainpole.local.
  5. Create a role for vRealize Log Insight. 
    1. Select the Read-only role and click the Clone role action icon.

      You clone the Read-only role because it includes the System.Anonymous, System.View, and System.Read privileges. vRealize Log Insight requires those privileges for accessing log information related to the vCenter Server instances.

    2. In the Clone Role dialog box, in the Role name text box, enter vRealize Log Insight to vSphere Integration and click OK.
    3. Select the vRealize Log Insight to vSphere Integration role and click the Edit role action icon. 
    4. In the Edit role dialog box, configure these privileges and click Next.

      | Category | Privilege |
      |---|---|
      | Host | Configuration.Advanced settings |
      | Host | Configuration.Change settings |
      | Host | Configuration.Network configuration |
      | Host | Configuration.Security profile and firewall |

      These host privileges allow vRealize Log Insight to configure the syslog service on the ESXi hosts.

    5. Click Finish.

    The vRealize Log Insight to vSphere Integration role is propagated to the other linked vCenter Server instances.

  6. Associate the service account with the role and assign global permissions to the svc-vrli-vsphere@rainpole.local service account.
    1. In the left pane, select Access control > Global permissions.
    2. Click the Add permission icon, enter these values, and click OK.

    | Setting | Value |
    |---|---|
    | Domain | rainpole.local |
    | User/Group | svc-vrli-vsphere |
    | Role | vRealize Log Insight to vSphere Integration |
    | Propagate to children | Selected |

    The global permissions of the svc-vrli-vsphere@rainpole.local user propagate to all vCenter Server instances.
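
To confirm that the role from step 5 carries only the privileges this procedure lists, the following PowerCLI check compares the role against the expected set and creates the role if it is absent. It is an added example, not part of the original procedure; it assumes VMware PowerCLI is installed, and the privilege IDs are an assumed mapping of the vSphere Client labels above that you should confirm with Get-VIPrivilege.

```powershell
# Added example: audits the role from step 5 against the privileges the procedure lists.
# Assumes VMware PowerCLI is installed; Connect-VIServer prompts for credentials.
$vcenter  = 'sfo01m01vc01.sfo01.rainpole.local'
$roleName = 'vRealize Log Insight to vSphere Integration'

# Assumed mapping of vSphere Client labels to privilege IDs; confirm with Get-VIPrivilege.
$expected = @(
    'System.Anonymous'            # inherited from Read-only
    'System.View'                 # inherited from Read-only
    'System.Read'                 # inherited from Read-only
    'Host.Config.AdvancedConfig'  # Host > Configuration.Advanced settings
    'Host.Config.Settings'        # Host > Configuration.Change settings
    'Host.Config.Network'         # Host > Configuration.Network configuration
    'Host.Config.NetService'      # Host > Configuration.Security profile and firewall
)

Connect-VIServer -Server $vcenter | Out-Null
try {
    $role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
    if (-not $role) {
        # Role is absent: create it with exactly the expected privileges.
        $role = New-VIRole -Name $roleName -Privilege (Get-VIPrivilege -Id $expected)
        Write-Host "Created role '$roleName'."
    }

    # '<=' marks a privilege the procedure requires but the role lacks;
    # '=>' marks a privilege on the role that the procedure does not call for.
    $drift   = Compare-Object -ReferenceObject $expected -DifferenceObject $role.PrivilegeList
    $missing = @($drift | Where-Object SideIndicator -eq '<=' | ForEach-Object InputObject)
    $extra   = @($drift | Where-Object SideIndicator -eq '=>' | ForEach-Object InputObject)

    if ($missing) { Write-Warning "Missing privileges: $($missing -join ', ')" }
    if ($extra)   { Write-Warning "Privileges beyond the procedure: $($extra -join ', ')" }
    if (-not $missing -and -not $extra) { Write-Host 'Role matches the documented privilege set.' }
}
finally {
    Disconnect-VIServer -Server $vcenter -Confirm:$false
}
```

This block checks only the role definition; the global permission assigned in step 6 is not examined.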