You can configure a vRealize Log Insight server to forward incoming log events to a syslog or Ingestion API target.
Use log forwarding to send filtered or tagged logs to one or more remote destinations such as vRealize Log Insight or syslog or both. Log forwarding can be used to support existing logging tools such as SIEM and to consolidate logging over different networks such as DMZ or WAN.
Log forwarders can be standalone or clustered, but a log forwarder is a separate instance from the remote destination. Instances configured for log forwarding also store logs locally and can be used to query data.
The operators you use to create filters on the Log Forwarding page are different from the filters used on the interactive analytics page. See Using Log Management Filters in Interactive Analytics for more information about using the Run in Interactive Analytics menu item to preview the results of your log filter.
Prerequisites
Verify that you are logged in to the vRealize Log Insight web user interface as a Super Admin user, or a user associated with a role that has the relevant permissions. See Create and Modify Roles for more information. The URL format of the web user interface is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
Verify that the destination can handle the number of logs that are forwarded. If the destination cluster is much smaller than the forwarding instance, some logs might be dropped.
Procedure
What to do next
You can edit or clone a log forwarding destination. If you edit the destination to change a log forwarder name, all statistics are reset.