VCF SDDC Manager – TCP/TLS Logging

The SDDC Manager in VCF 4.x no longer contains an integrated/pre-installed vRealize LogInsight agent. If you need to forward log data to a centralized syslog environment, you have to add rsyslog configuration entries at the OS level. The example below covers the configuration for TCP/TLS.

Step 1: Upload CA certificate

In most cases the vRealize LogInsight server uses a signed certificate. Upload this certificate to the SDDC Manager. If a self-signed certificate is used (not common in most business cases), then you must use the public LogInsight certificate.

# cp <uploaded-certificate> /etc/ssl/certs/Customer-CA.crt
# chown root:root /etc/ssl/certs/Customer-CA.crt
# chmod 644 /etc/ssl/certs/Customer-CA.crt

Step 2: Create RSyslog Entry

Create an additional file in the dynamic configuration directory of rsyslog, for example /etc/rsyslog.d/remote-syslog.conf, and add the following data:

# --------------------------------------------------------
# rsyslog: centralized logging
# --------------------------------------------------------
#
$WorkDirectory /var/spool/rsyslog # where to place spool files
#
# Certificate Files
$DefaultNetstreamDriverCAFile /etc/ssl/certs/Customer-CA.crt
#
# Log to central SysLog server -> Log Insight
#
# Version 8 format
# The queue settings are action() parameters: the legacy $ActionQueue... and
# $ActionResumeRetryCount directives only affect legacy-style actions.
# StreamDriverPermittedPeers lists the names accepted in the server
# certificate; the wildcard accepts any host name matching *.mydomain.org.
action(type="omfwd" protocol="tcp" target="loginsight.mydomain.org" port="6514"
       StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name"
       StreamDriverPermittedPeers="*.mydomain.org"
       queue.filename="fwdRule1"       # unique name prefix for spool files
       queue.maxDiskSpace="1g"         # 1gb space limit (use as much as possible)
       queue.saveOnShutdown="on"       # save messages to disk on shutdown
       queue.type="LinkedList"         # run asynchronously
       action.resumeRetryCount="-1")   # infinite retries if host is down

Step 3: Restart RSyslog

Restart the rsyslog service, then open vRealize LogInsight; you should see the new SDDC Manager entries.

# systemctl restart rsyslog
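
To check the result of Steps 1 and 2 before or after the restart, the script below audits the drop-in file for the TLS settings used above and checks the CA file it points to. It is an added example, not part of the original post; the script and function names are made up here, and it assumes parameters are written as name="value" and the CA file is set with $DefaultNetstreamDriverCAFile, as on this page.

```shell
#!/bin/sh
# Added example, not from the original post: audit an rsyslog drop-in for
# the TLS forwarding settings used in Step 2. Function names are illustrative.

# Print the value of parameter $2 (name="value") found in config file $1.
# Comments are stripped first; names are matched case-insensitively.
omfwd_param() {
    sed 's/#.*$//' "$1" | tr '\n' ' ' |
        grep -io "$2=\"[^\"]*\"" | head -n 1 | cut -d'"' -f2
}

# Report one finding on stdout and count it.
fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

# Returns 0 when the file matches the page's TLS settings, otherwise the
# number of findings.
audit_tls_forwarding() {
    conf=$1
    findings=0
    mode=$(omfwd_param "$conf" StreamDriverMode)
    auth=$(omfwd_param "$conf" StreamDriverAuthMode)
    peers=$(omfwd_param "$conf" StreamDriverPermittedPeers)
    ca=$(sed -n 's/^[[:space:]]*\$DefaultNetstreamDriverCAFile[[:space:]]\{1,\}\([^[:space:]#]*\).*/\1/p' "$conf" | head -n 1)

    [ "$mode" = "1" ] || fail "StreamDriverMode is '$mode', TLS is not enforced"
    [ "$auth" = "x509/name" ] || fail "StreamDriverAuthMode is '$auth', peer name is not verified"
    [ -n "$peers" ] || fail "StreamDriverPermittedPeers is not set"
    if [ -z "$ca" ] || [ ! -r "$ca" ]; then
        fail "CA file '$ca' is missing or unreadable"
    else
        grep -q 'BEGIN CERTIFICATE' "$ca" || fail "$ca is not a PEM certificate"
        # Step 1 sets mode 644; flag anything group- or world-writable.
        if find -L "$ca" \( -perm -020 -o -perm -002 \) | grep -q .; then
            fail "$ca is writable by group or others"
        fi
    fi
    return "$findings"
}

# Usage: sh audit-rsyslog-tls.sh /etc/rsyslog.d/remote-syslog.conf
if [ $# -gt 0 ]; then
    audit_tls_forwarding "$1"
fi
```

An exit status of 0 means every check passed; any other value is the number of FAIL lines printed.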