You can forward logs from vRealize Automation to vRealize Log Insight to take advantage of more robust log analysis and report generation.

vRealize Automation is bundled with a fluentd-based logging agent. The agent collects and stores logs so that they can be included in a log bundle and examined later. You can configure the agent to forward a copy of the logs to a vRealize Log Insight server by using the vRealize Log Insight REST API. The API allows other programs to communicate with vRealize Log Insight.

For more information about vRealize Log Insight, including documentation for the vRealize Log Insight REST API, see vRealize Log Insight documentation.

Configure the logging agent to continuously forward vRealize Automation logs to vRealize Log Insight by using the supplied vracli command line utility.

All log lines are tagged with a host name and environment tag and can be examined in vRealize Log Insight. In a high availability (HA) environment, logs are tagged with different host names, depending on the node that they originated on. The environment tag is configurable by using the --environment ENV option as described below in the Configure or update integration of vRealize Log Insight section. In an HA environment, the environment tag has the same value for all log lines, regardless of the node they originated on.

Information about how to use the vracli command line utility is available by using the --help argument in the vracli command line. For example: vracli vrli --help.

Note: You can only configure a single remote logging integration. vRealize Log Insight is prioritized in the event that both a vRealize Log Insight server and a syslog server are available.

Check existing configuration of vRealize Log Insight

Command

vracli vrli

Arguments

There are no command line arguments.

Output

The current configuration for vRealize Log Insight integration is output in JSON format.

Exit codes
The following exit codes are possible:
  • 0 - Integration with vRealize Log Insight is configured.
  • 1 - An exception occurred as part of command execution. Examine the error message for details.
  • 61 (ENODATA) - Integration with vRealize Log Insight is not configured. Examine the error message for details.
Example - check integration configuration
$ vracli vrli
No vRLI integration configured
 
$ vracli vrli
{
    "agentId": "0",
    "environment": "prod",
    "host": "my-vrli.local",
    "port": 9543,
    "scheme": "https",
    "sslVerify": false
}

Configure or update integration of vRealize Log Insight

Command

vracli vrli set [options] IP_OR_URL

Note: After you run the command, it can take up to 2 minutes for the logging agent to apply your specified configuration.
Arguments
  • IP_OR_URL

    Specifies the IP or URL address of the vRealize Log Insight server to use for posting logs. Port 9543 and https are used by default. If any of these settings must be changed, you can use a URL instead.

    Note:
    You can set a different host scheme (default is https) and port (default for https is 9543, default for http is 9000) to use for sending the logs, as shown in the following samples:
    vracli vrli set https://IP:9543
    vracli vrli set --insecure IP
    vracli vrli set http://http://IP:9000

    Ports 9543 for https and 9000 for http are used by the vRealize Log Insight ingestion REST API as described in the Administering vRealize Log Insight topic Ports and External Interfaces in vRealize Log Insight documentation.

  • Options
    • --agent-id SOME_ID

      Sets the id of the logging agent for this appliance. The default is 0. Used to identify the agent when posting logs to vRealize Log Insight by using the vRealize Log Insight REST API.

    • --environment ENV

      Sets an identifier for the current environment. It will be available in vRealize Log Insight logs as a tag for each log entry. The default is prod.

    • --ca-file /path/to/server-ca.crt

      Specifies a file that contains the certificate of the certificate authority (CA) that was used to sign the certificate of the vRealize Log Insight server. This forces the logging agent to trust the specified CA and enable it to verify the certificate of the vRealize Log Insight server if it was signed by an untrusted authority. The file may contain a whole certificate chain to verify the certificate. In the case of a self-signed certificate, pass the certificate itself.

    • --ca-cert CA_CERT

      Definition is identical to that of --ca-file as above, but instead passes the certificate (chain) inline as string.

    • --insecure

      Deactivates SSL verification of the server certificate. This forces the logging agent to accept any SSL certificate when posting logs.

  • Advanced options
    • --request-max-size BYTES

      Multiple log events are ingested with a single API call. This argument controls the maximum payload size, in bytes, for each request. Valid values are between 4000 and 4000000. The default value is 256000. For related information for allowed values, see vRealize Log Insight events ingestion in the vRealize Log Insight REST API documentation. Setting this value too low can cause logging events that are larger than the allowed size to be dropped.

    • --request-timeout SECONDS

      A call to the API can hang for a number of reasons including problems with the remote, networking issues,and so on. This parameter controls the number of seconds wait for each operation to complete, such as opening a connection, writing data, or awaiting a response, before the call is recognized as failed. The value cannot be less than 1 second. The default is 30.

    • --request-immediate-retries RETRIES

      Logs are buffered in aggregated chunks before they are sent to vRealize Log Insight (see --buffer-flush-thread-count below). If an API request fails, the log is retried immediately. The default number of immediate retries is 3. If none of the retries is successful, then the whole log chunk is rolled back and is retried again later.

    • --request-http-compress

      To lower network traffic volumes, you can apply gzip compression to requests that are sent to the vRealize Log Insight server. If this parameter is not specified, no compression is used.

    • --buffer-flush-thread-count THREADS

      For better performance and to limit networking traffic, logs are buffered locally in chunks before they are flushed and sent to the log server. Each chunk contains logs from a single service. Depending on your environment, chunks can grow large and time-consuming to flush. This argument controls the number of chunks that can be flushed simultaneously. The default is 2.

Note:

When configuring integration over https, if the vRealize Log Insight server is configured to use an untrusted certificate such as a self-signed certificate or a certificate that was signed by an untrusted authority, you must use one of the --ca-file, --ca-cert or --insecure options or the logging agent fails to validate the server identity and does not send logs. When using --ca-file or --ca-cert, the vRealize Log Insight server certificate must be valid for the server's host name. In all cases, verify the integration by allowing a few minutes for processing and then checking that vRealize Log Insight received the logs.

Output

No output is expected.

Exit codes
The following exit codes are possible:
  • 0 - The configuration was updated.
  • 1 - An exception occurred as part of the execution. Examine the error message for details.
Examples - Configure or update integration configuration
$ vracli vrli set my-vrli.local 
 
$ vracli vrli set 10.20.30.40
 
$ vracli vrli set --ca-file /etc/ssl/certs/ca.crt 10.20.30.40
 
$ vracli vrli set --ca-cert "$(cat /etc/ssl/certs/ca.crt)" 10.20.30.40
 
$ vracli vrli set --insecure http://my-vrli.local:8080
 
$ vracli vrli set --agent-id my-vrli-agent my-vrli.local
$ vracli vrli set --request-http-compress
$ vracli vrli set --environment staging my-vrli.local
  
$ vracli vrli set --environment staging --request-max-size 10000 --request-timeout 120 --request-immediate-retries 5 --buffer-flush-thread-count 4 my-vrli.local

Clear integration of vRealize Log Insight

Command

vracli vrli unset

Note: After you run the command, it can take up to 2 minutes for the logging agent to apply your specified configuration.
Arguments

There are no command line arguments.

Output

Confirmation is output in plain text format.

Exit codes
The following exit codes are available:
  • 0 - The configuration was cleared or no configuration existed.
  • 1 - An exception occurred as part of the execution. Examine the error message for details.
Examples - Clear integration
$ vracli vrli unset
Clearing vRLI integration configuration
 
$ vracli vrli unset
No vRLI integration configured