VMware

Log Insight Agent: Linux Configurations for Common Applications

by Steve Flanders

In my previous post, I discussed how to configure vRA logging. In this post I would like to provide some Log Insight Linux agent configuration samples for common Linux and VMware applications. You may notice some duplication of information. I will be updating this post over time so be sure to check back from time to time!
li-heart-linux

NOTES:
– If you are running an agent version 2.5 or newer you do not need to restart the agent for changes to take effect. For version older than 2.5 you do need to restart the agent for changes to take effect.
– You can add configuration client-side via the liagent.ini file, server-side from /admin/agents or a combination of both.
– The configurations listed below are meant to be samples and may need to be adjusted for your specified environment.

VMware

APPD

IMPORTANT: If you are running Log Insight 3.0 or newer, install the vCAC/vRA content pack from the in-product marketplace and enable the included agent group(s) to get the latest configuration.

;;; vRA APPD
[filelog|vra-appd]
directory=/home/darwin/tcserver/darwin/logs
event_marker=^\w+\s\d{2}\s\d{4}\s\S+\s\w+\s+[\S+]
tags={"vmw_product":"vra","vmw_product_component":"appd"}

SSO

IMPORTANT: If you are running Log Insight 3.0 or newer, enable the included agent group(s) from the vSphere content pack to get the latest configuration.

;;; vCenter SSO VCSA
[filelog|vmw-sso]
directory=/var/log/vmware/sso
exclude=vmware-*
event_marker=^(\[\d{4}-\d{2}-\d{2}|\d{2}-\w+-\d{4})
tags={"vmw_product":"sso"}
[filelog|vmw-sso-sts-idmd-perf]
directory=/var/log/vmware/sso
include=vmware-sts-idmd-perf*
event_marker=^\d{4}-\d{2}-\d{2}\s\S+\s\w+\s+\w+
tags={"vmw_product":"sso"}
[filelog|vmw-sso-sts-perf]
directory=/var/log/vmware/sso
include=vmware-identity-sts-perf*
event_marker=^\[\d{4}-\d{2}-\d{2}\s\S+\s\S+\s\S+\]\s+\w+
tags={"vmw_product":"sso"}
[filelog|vmw-sso-sts-other]
directory=/var/log/vmware/sso
include=vmware-sts-idmd.*;vmware-identity-sts.*
event_marker=^\[\d{4}-\d{2}-\d{2}\s\S+\s\S+\s\S+
tags={"vmw_product":"sso"}

vCD

While you can install the Log Insight Linux agent to collect OS logs, collecting vCD logs should be done via the process described in http://kb.vmware.com/kb/2004564.

vCS

IMPORTANT: If you are running Log Insight 3.0 or newer, install the content pack from the in-product marketplace and enable the included agent group(s) to get the latest configuration.

;;; vCenter Server VCSA
[filelog|vmw-vc-vpx]
directory=/var/log/vmware/vpx
include=vpxd.log;vws.log;vmware-vpxd.log
event_marker=^(\[)?\d{4}-\d{2}-\d{2}(T| )\d{2}:\d{2}:\d{2}
tags={"vmw_product":"vcenter”}
[filelog|vmw-vc-vpx-ds]
directory=/var/log/vmware/vpx/inventoryservice
include=ds.log
event_marker=^(\[)?\d{4}-\d{2}-\d{2}(T| )\d{2}:\d{2}:\d{2}
tags={"vmw_product":"vcenter”}
[filelog|vmw-vc-client]
directory=/var/log/vmware/vsphere-client/logs
include=vsphere_client_virgo.log
event_marker=^(\[)?\d{4}-\d{2}-\d{2}(T| )\d{2}:\d{2}:\d{2}
tags={"vmw_product":"vcenter”}
[filelog|vmw-vc-client-wrapper]
directory=/var/log/vmware/vsphere-client/Logs
include=wrapper.log
tags={"vmw_product":"vcenter”}

vRA

IMPORTANT: If you are running Log Insight 3.0 or newer, install the content pack from the in-product marketplace and enable the included agent group(s) to get the latest configuration.

;;; vRA
[filelog|vra]
directory=/var/log/vmware/vcac
event_marker=^[^\d]
tags={"vmw_product":"vra","vmw_product_component":"cafe"}

vRB

;;; vRB
[filelog|vra-vrb-server]
directory=/var/log/itbm-server
event_marker=^[^\s]
tags={"vmw_product":"itbm","vmw_product_component":"server"}
[filelog|vra-vrb-data-collector]
directory=/var/log/itbm-data-collector
event_marker=^[^\s]
tags={"vmw_product":"itbm","vmw_product_component":"data-collector"}

vRCS

;;; vRCS
[filelog|vrcs]
directory=/storage/artifactory/home/logs
event_marker=^[^\d]
tags={"vmw_product":"vrcs","vmw_product_component":"jfrog"}

Other

Apache

IMPORTANT: If you are running Log Insight 3.0 or newer, install the content pack from the in-product marketplace and enable the included agent group(s) to get the latest configuration.

[filelog|apache-linux-generic]
directory=/var/log/apache2
tags={"asf_product":"http"}
[filelog|apache-linux-rhel]
directory=/var/log/httpd
tags={"asf_product":"http"}

Auditd

[filelog|auditd]
directory=/var/log/audit

Jenkins

[filelog|jenkins]
directory=/var/log/jenkins
include=jenkins*
event_marker=^\S\S\S \d\d?, \d\d\d\d \d\d?:\d\d:\d\d (A|P)M

© 2015, Steve Flanders. All rights reserved.

Steve Flanders

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top