You can set or change the target vRealize Log Insight server that the vRealize Log Insight Linux agent sends events to. You can send events to one or more destinations.

About this task

Multiple destination connections are defined through the [server|<dest_id>] section of the li-agent.ini file, where <dest_id> is a unique per configuration connection id. You can use the same options for additional destinations as for the default [server] section. However, additional destinations should not be configured for auto-upgrade and the destination servers cannot be used for agent configuration. You can specify two additional destinations.

When you define additional [server] sections, you must specify a hostname. By default, the agent sends all collected events to all destinations. You can filter events to send different events to different destinations.


  • Log in as root or use sudo to run console commands.

  • Log in to the Linux machine on which you installed the vRealize Log Insight Linux agent, open a console and run pgrep liagent to verify that the vRealize Log Insight Linux agent is installed and running.

  • If you have a vRealize Log Insight cluster with an enabled Integrated Load Balancer, see Enable Integrated Load Balancer for custom SSL certificate-specific requirements.


  1. Open the /var/lib/loginsight-agent/liagent.ini file in any text editor.
  2. Modify the following parameters and set the values for your environment.




    Protocol that the agent uses to send events to the vRealize Log Insight server. The possible values are cfapi and syslog.

    The default is cfapi.


    IP address or host name of the vRealize Log Insight virtual appliance.

    You can specify an IPv4 or IPv6 address. An IPv6 address can be specified with or without square brackets. For example:

    hostname = 2001:cdba::3257:9652
    hostname = [2001:cdba::3257:9652]

    If the host supports both IPv4 and IPv6 stacks and a domain name is specified as the hostname, then the agent will use the IP stack depending on the IP address that is returned by the name resolver. If the resolver returns both IPv4 and IPv6 addresses, than the agent will try to connect sequentially to both addresses in the given order.


    Communication port that the agent uses to send events to the vRealize Log Insight or third party server. By default the agent uses the appropriate port based on the options that are set for SSL and the protocol. See default port values provided in the list below. You need to specify the port option only if it's different from these defaults.

    • cfapi with SSL enabled: 9543

    • cfapi with SSL disabled: 9000

    • syslog with SSL enabled: 6514

    • syslog with SSL disabled: 514


    Enables or disables SSL. The default value is yes.

    When ssl is set to yes, if you do not set a value for the port, the port is automatically picked up as 9543.


    The time in minutes to force reconnection to the server. The default value is 30.

    ; Hostname or IP address of your Log Insight server / cluster load balancer. Default:
    ; Protocol can be cfapi (Log Insight REST API), syslog. Default:
    ; Log Insight server port to connect to. Default ports for protocols (all TCP):
    ; syslog: 514; syslog with ssl: 6514; cfapi: 9000; cfapi with ssl: 9543. Default:
    ; SSL usage. Default:
  3. Save and close the liagent.ini file.


The following configuration example sets a target vRealize Log Insight server that uses a trusted certificate authority.


The following example shows a multi-destination configuration.

  • The first (default) destination receives all collected events.

  • The second destination receives just syslog events through the plain syslog protocol.

    filter= {filelog; syslog; }
  • The third destination receives vRealize Operations Manager events if they have the level field equal to "error" or "warning" and they are collected by sections whose name begins with "vrops-"

filter= {; vrops-.*; level == "error" || level == "warning"}

;Collecting syslog messages.

;various vRops logs. Note that all section names begin with "vrops-" prefix, which is used in third destination filter.


What to do next

You can configure additional SSL options for the vRealize Log Insight Linux agent. See Configure SSL Connection Between the Server and the Log Insight Agents.