The files that contain system messages are located on the vRealize Log Insight virtual appliance.

The following table lists each file and its purpose.

If you need information on log rotation or log archiving for these files, see Log Rotation Schemes Supported by vRealize Log Insight Agents in Working with vRealize Log Insight Agents and Enable or Disable Data Archiving in vRealize Log Insight in Administering vRealize Log Insight.

File Description
/storage/var/loginsight/alert.log Used to track information about user-defined alerts that have been triggered.
/storage/var/loginsight/apache-tomcat/logs/*.log Used to track events from Apache Tomcat server.
/storage/var/loginsight/cassandra.log Used to track cluster configuration storage and replication in Apache Cassandra.
/storage/var/loginsight/plugins/vsphere/li-vsphere.log Used to trace events related to integration with vSphere Web Client.
/storage/var/loginsight/loginsight_daemon_stdout.log Used for the standard output of vRealize Log Insight daemon.
/storage/var/loginsight/phonehome.log Used to track information about trace data collection sent to VMware (if enabled).
/storage/var/loginsight/pi.log Used to track database start or stop events.
/storage/var/loginsight/runtime.log Used to track all run time information related to vRealize Log Insight.
/var/log/firstboot/stratavm.log Used to track the events that occur at first boot and configuration of the vRealize Log Insight virtual appliance.
/storage/var/loginsight/systemalert.log Used to track information about system notifications that vRealize Log Insight sends. Each alert is listed as a JSON entry.
/storage/var/loginsight/systemalert_worker.log Used to track information about system notifications that a vRealize Log Insight worker node sends. Each alert is listed as a JSON entry.
/storage/var/loginsight/ui.log Used to track events related to the vRealize Log Insight user interface.
/storage/var/loginsight/ui_runtime.log Used to track runtime events related to the vRealize Log Insight user interface.
/storage/var/loginsight/upgrade.log Used to track events that occur during vRealize Log Insight upgrade.
/storage/var/loginsight/usage.log Used to track all queries.
/storage/var/loginsight/vcenter_operations.log Used to track events related to the vRealize Operations Manager integration
/storage/var/loginsight/watchdog_log* Used to track the run time events of the watch dog process, which is responsible for restarting vRealize Log Insight if it is shutdown for some reason.
/storage/var/loginsight/api_audit.log Used to track the API calls to Log Insight.
/storage/var/loginsight/pattern_matcher.log Used to track the pattern matching times and timeouts for field extraction.

Log Messages Related to Security

The ui_runtime.log file contains user audit log messages in the following format.

  • [2019-05-10 11:28:29.709+0000] ["https-jsse-nio-443-exec-9"/10.153.234.136 DEBUG] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User login success: vIDM: SAM=myusername, Domain=vmware.com, UPN=myusername@vmware.com]
  • [2019-05-10 11:28:45.812+0000] ["https-jsse-nio-443-exec-3"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User logged out: vIDM: SAM=myusername, Domain=vmware.com, UPN=myusername@vmware.com]
  • [2019-05-10 11:28:29.709+0000] ["https-jsse-nio-443-exec-9"/10.153.234.136 DEBUG] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User login success: Active Directory User: SAM=myusername, Domain=vmware.com,UPN=myusername@vmware.com]
  • [2019-05-10 11:28:45.812+0000] ["https-jsse-nio-443-exec-3"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User logged out: Active Directory User: SAM=myusername, Domain=vmware.com,UPN=myusername@vmware.com]
  • [2019-05-10 11:29:28.330+0000] ["https-jsse-nio-443-exec-6"/10.153.234.136 DEBUG] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User login success: Local User: Name=myusername]
  • [2019-05-10 11:29:47.078+0000] ["https-jsse-nio-443-exec-10"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User logged out: Local User: Name=myusername]
  • [2019-05-10 11:29:23.559+0000] ["https-jsse-nio-443-exec-7"/10.153.234.136 WARN] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User login failure: Bad username/password attempt (username: incorrectUser)]
  • [2019-05-10 11:45:37.795+0000] ["https-jsse-nio-443-exec-7"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new user: Local User: Name=myusername]
  • [2019-05-10 11:09:50.493+0000] ["https-jsse-nio-443-exec-6"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new user: vIDM: SAM=myusername, Domain=vmware.com, UPN=myusername@vmware.com]
  • [2019-05-10 11:47:05.202+0000] ["https-jsse-nio-443-exec-10"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Created new group: (directoryType= VIDM, domain=vmware.com, group=vidm_admin)]
  • [2019-05-10 11:58:11.902+0000] ["https-jsse-nio-443-exec-4"/10.153.234.136 INFO] [com.vmware.loginsight.web.actions.settings.UsersActionBean] [Removed groups: [class com.vmware.loginsight.database.dao.RBACADGroupDO<vidm/vmware.com/vidm_admin>]]
Note:
  • Some logs are available in debug level. For information about enabling the debug level for each node, see Enable Debug Level for User Audit Log Messages.
  • Each node in a vRealize Log Insight cluster has its own ui_runtime.log file. You can examine the log files of the nodes to monitor the cluster.