Data archiving preserves old logs that might otherwise be removed from the vRealize Log Insight virtual appliance due to storage constraints. vRealize Log Insight can store archived data on NFS mounts.
vRealize Log Insight collects and stores logs on-disk in a series of 0.5-GB buckets. A bucket consists of compressed log files and an index. A bucket contains everything necessary to perform queries for a specific time range. When the size of the bucket exceeds 0.5 GB, vRealize Log Insight stops writing, closes all files in the bucket and seals the bucket.
When you archive data, vRealize Log Insight copies raw compressed log files from the bucket to an NFS mount when the bucket is sealed. Buckets that have been sealed when data archiving is not enabled are not retroactively archived.
The path created within an archive export is in the form year/month/day/hour/bucketuuid/data.blob, using the timestamp at which the bucket was originally created in UTC.
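As an added example (not part of the VMware documentation), the following Python code parses archive paths of the form above and selects the buckets to retrieve for a given UTC time window, for instance when restoring logs for an investigation. It assumes that a bucket holds events from its creation until it is sealed, so buckets from the last hour before the window are also selected; the function names, sample paths and UUIDs are constructed.

```python
from datetime import datetime, timezone

# Constructed sample: paths relative to the archive export root (UUIDs are made up).
SAMPLE_PATHS = [
    "2024/03/11/22/00000000-0000-4000-8000-000000000001/data.blob",
    "2024/03/12/03/00000000-0000-4000-8000-000000000002/data.blob",
    "2024/03/12/09/00000000-0000-4000-8000-000000000003/data.blob",
    "2024/03/12/09/00000000-0000-4000-8000-000000000004/data.blob",
    "2024/03/12/14/00000000-0000-4000-8000-000000000005/data.blob",
    "2024/03/12/lost+found",  # not a bucket, must be ignored
]

def parse_bucket_path(rel_path):
    """Return (creation hour in UTC, bucket UUID string), or None if no match."""
    parts = rel_path.strip("/").split("/")
    if len(parts) != 6 or parts[5] != "data.blob" or not parts[4]:
        return None
    try:
        year, month, day, hour = (int(p) for p in parts[:4])
        created = datetime(year, month, day, hour, tzinfo=timezone.utc)
    except ValueError:  # non-numeric or out-of-range date component
        return None
    return created, parts[4]

def buckets_for_window(paths, start, end):
    """Select buckets that may hold events between start and end (aware datetimes)."""
    parsed = sorted(p for p in map(parse_bucket_path, paths) if p)
    start_hour = start.astimezone(timezone.utc).replace(minute=0, second=0, microsecond=0)
    # The path records only the hour the bucket was created, not the range it covers.
    # Assumption: a bucket keeps receiving events until it is sealed, so the bucket
    # that was open at `start` may have been created in an earlier hour. Include the
    # latest creation hour strictly before the window's first hour to avoid a gap.
    earlier = [created for created, _ in parsed if created < start_hour]
    floor = max(earlier) if earlier else start_hour
    return [(created, uuid) for created, uuid in parsed if floor <= created <= end]

if __name__ == "__main__":
    window = (datetime(2024, 3, 12, 9, 30, tzinfo=timezone.utc),
              datetime(2024, 3, 12, 12, 0, tzinfo=timezone.utc))
    for created, uuid in buckets_for_window(SAMPLE_PATHS, *window):
        print(created.isoformat(), uuid)
```

The selection deliberately over-includes: with only hour precision in the path, it is not possible to tell which bucket was open at the start of the window, so every bucket from the preceding populated hour is returned.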
Do not mount NFS permanently or change the /etc/fstab file. vRealize Log Insight itself performs NFS mounting for you.
Prerequisites
- Verify that you have access to an NFS partition that meets the following requirements.
  - The NFS partition must allow reading and writing operations for guest accounts.
  - The mount must not require authentication.
  - The NFS server must support NFS v3 or v4.
  - If using a Windows NFS server, allow unmapped user UNIX access (by UID/GID).
- Verify that you are logged in to the vRealize Log Insight web user interface as a user with the Edit Admin permission. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
Procedure
- Navigate to the Administration tab.
- Under Configuration, click Archiving.
- Select Enable Data Archiving and enter the path to an NFS partition where logs are archived in the form nfs://servername<:port-number>/exportname.
  The port number defaults to 2049.
- Click Test to verify the connection.
- Click Save.
What to do next
After vRealize Log Insight restarts, verify that syslog feeds from ESXi continue to arrive in vRealize Log Insight.