The files that contain system messages are located on the vRealize Log Insight virtual appliance.

File

Description

/storage/var/loginsight/alert.log

Used to track information about user-defined alerts that have been triggered.

/storage/var/loginsight/apache-tomcat/logs/*.log

Used to track events from Apache Tomcat server.

/storage/var/loginsight/cassandra.log

Used to track cluster configuration storage and replication in Apache Cassandra.

/storage/var/loginsight/plugins/vsphere/li-vsphere.log

Used to trace events related to integration with vSphere Web Client.

/storage/var/loginsight/loginsight_daemon_stdout.log

Used for the standard output of vRealize Log Insight daemon.

/storage/var/loginsight/phonehome.log

Used to track information about trace data collection sent to VMware (if enabled).

/storage/var/loginsight/pi.log

Used to track database start or stop events.

/storage/var/loginsight/runtime.log

Used to track all run time information related to vRealize Log Insight.

/var/log/firstboot/stratavm.log

Used to track the events that occur at first boot and configuration of the vRealize Log Insight virtual appliance.

/storage/var/loginsight/systemalert.log

Used to track information about system notifications that vRealize Log Insight sends. Each alert is listed as a JSON entry.

/storage/var/loginsight/systemalert_worker.log

Used to track information about system notifications that a vRealize Log Insight worker node sends. Each alert is listed as a JSON entry.

/storage/var/loginsight/ui.log

Used to track events related to the vRealize Log Insight user interface.

/storage/var/loginsight/ui_runtime.log

Used to track runtime events related to the vRealize Log Insight user interface.

/storage/var/loginsight/upgrade.log

Used to track events that occur during vRealize Log Insight upgrade.

/storage/var/loginsight/usage.log

Used to track all queries.

/storage/var/loginsight/vcenter_operations.log

Used to track events related to the vRealize Operations Manager integration

/storage/var/loginsight/watchdog_log*

Used to track the run time events of the watch dog process, which is responsible for restarting vRealize Log Insight if it is shutdown for some reason.

Log Messages Related to Security

The ui_runtime.log file contains user audit log messages in the following format.

  • [2013-05-17 20:40:18.716+0000] [http-443-5 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged in: Name: admin | Role: admin]

  • [2013-05-17 20:39:51.395+0000] [http-443-5 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged out: Name: admin | Role: admin]

  • [2013-09-18 12:39:34.823-0700] [http-9443-3 WARN /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][Bad username/password attempt (username: myusername)]

  • [2013-09-18 12:40:08.761-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged in: Active Directory User: SAM=myusername, Domain=vmware.com,UPN=myusername@vmware.com]

  • [ 2013-09-18 12:40:20.232-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged out: Active Directory User: SAM=myusername, Domain=vmware.com,UPN=myusername@vmware.com]

  • [2013-09-18 12:40:36.933-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged in: Local User: Name=myusername, Role=user]

  • [2013-09-18 12:40:40.429-0700] [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.misc.LoginActionBean][User logged out: Local User: Name=myusername, Role=user

  • [2013-11-13 23:26:21.569+0000] [http-443-4 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new user: Active Directory User: SAM=username, Domain=vmware.com, UPN=username@vmware.com]

  • [2013-11-14 22:44:11.017+0000] [http-443-6 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new user: Local User: Name=username, Role=admin]

  • [2013-12-05 21:03:36.751+0000] [http-443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Removed users: [Active Directory User: SAM=username, Domain=vmware.com, UPN=username@vmware.com]]

  • [2013-12-05 21:04:16.707+0000] [http-443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Removed users: [Local User: Name=username, Role=admin]]

  • [http-9443-3 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new group: (domain=vmware.com, group=VMware Employees, role=user)]

  • [2013-12-05 13:07:04.108-0800] [http-9443-2 INFO /127.0.0.1] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Removed groups: [(domain=vmware.com, group=VMware Employees, role=user)]]