The vRealize Log Insight Server rejects the connection with the Log Insight Agents when you try to send non-encrypted traffic.
You can configure a vRealize Log Insight Server to accept non-SSL connections or configure Log Insight Agents to send data through an SSL cfapi
protocol connection.
Problem
When you attempt to use cfapi
to send non-encrypted traffic, the vRealize Log Insight Server rejects your connection. One of the following error messages appears in the agent log: 403 Forbidden or 403 Only SSL connections are allowed.
Cause
vRealize Log Insight is configured to accept only SSL connections, but the Log Insight Agents are configured to use a non-SSL connection.
Solution
- Configure your vRealize Log Insight Server to accept a non-SSL connection.
- Navigate to the Administration tab.
- Under Configuration, click SSL.
- Under the API Server SSL header, deselect Require SSL Connection.
- Click Save.
- Configure the vRealize Log Insight agent to send data through an SSL
Cfapi
protocol connection.- Navigate to the folder containing the liagent.ini file.
Operating system Path Linux /var/lib/loginsight-agent/ Windows %ProgramData%\VMware\Log Insight Agent - Open the liagent.ini file in any text editor.
- Change the value of the ssl key in the [server] section of the liagent.ini file to yes and the protocol to
cfapi
.proto=cfapi ssl=yes
- Save and close the liagent.ini file.
- Navigate to the folder containing the liagent.ini file.