Skip to content

vCAC remote logging

I have been spending a lot of time working with vCAC logs files as of late and what I realized is that vCAC is made up of a lot of components and a lot of different log files. Unfortunately, vCAC does not support setting a remote syslog destination to forward all vCAC logs within the GUI today. As such, I would like to cover where all the log files are located and more importantly how you can forward them to a remote syslog destination like Log Insight.
UPDATE: This post is based on vCAC 6.0, if you are running vRA 6.1 or newer, please be sure to see my updated post here.

Let me start by laying out all the different components and the log locations:

  • vCAC VA
    • /var/log/vcac/catalina.out
    • /var/log/vco/app-server/catalina.out
    • /var/log/apache2/access_log
    • /var/log/apache2/error_log
    • /var/log/apache2/ssl_request_log
  • vCAC Windows
    • C:\Program Files (x86)\VMware\vCAC\Agents\<plugin>\logs\<file>
      • Plugin examples: CPI61, nsx, VC50, VC51Agent, VC51TPM, vc51withTPM, VC55Agent, vc55u, VDIAgent, vCNS, vSphereAgent
      • File examples: vSphereAgent, EpiPowerShellAgent, VdiPowerShellAgent
    • C:\Program Files (x86)\VMware\vCAC\Distributed Execution Manager\DEMOR\Logs\DEMOR_All
    • C:\Program Files (x86)\VMware\vCAC\Distributed Execution Manager\DEMWR\Logs\DEMWR_All
    • C:\Program Files (x86)\VMware\vCAC\Server\Logs\All
    • C:\Program Files (x86)\VMware\vCAC\Server\ConfigTool\Log\vCACConfiguration-<date>
    • C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Logs\<nothing today>
    • C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Web\Logs\Repository
    • C:\Program Files (x86)\VMware\vCAC\Server\Website\Logs\Web_Admin_All
    • C:\Program Files (x86)\VMware\vCAC\Web API\Logs\<nothing today>
  • SSO
    • /var/log/vmware/sso/catalina.out
    • /var/log/vmware/sso/ssoAdminServer.log
    • /var/log/vmware/sso/vmware-identity-sts-perf.log
    • /var/log/vmware/sso/vmware-identity-sts.log
    • /var/log/vmware/sso/vmware-sts-idmd-perf.log
    • /var/log/vmware/sso/vmware-sts-idmd.err
    • /var/log/vmware/sso/vmware-sts-idmd.log
    • /var/log/vmware/vmafd/vmafdd.log
    • /var/log/vmware/vmdir/vdcsetupldu.log
    • /var/log/vmware/vmdir/vmafdvmdirclient.log
    • /var/log/vmware/vmkdc/vmkdcd.log
  • VCO
    • /var/log/vco/app-server/catalina.out
  • APPD
    • /home/darwin/tcserver/darwin/logs/catalina.out
  • ITBM
    • /usr/local/tcserver/vfabric-tc-server-standard/tcinstance1/logs/catalina.out
    • /usr/local/tcserver/vfabric-tc-server-standard/tcinstance1/logs/auditFile.log
    • /usr/local/tcserver/vfabric-tc-server-standard/tcinstance1/logs/itfm-external-api.log
    • /usr/local/tcserver/vfabric-tc-server-standard/tcinstance1/logs/itfm-reflib-update.log
    • /usr/local/tcserver/vfabric-tc-server-standard/tcinstance1/logs/itfm-vc-dc.log
    • /usr/local/tcserver/vfabric-tc-server-standard/tcinstance1/logs/itfm.log
  • VCS
    • /var/log/vmware/vpx/vpxd.log
    • /var/log/vmware/vpx/vws.log
    • /var/log/vmware/vpx/vmware-vpxd.log
    • /var/log/vmware/vpx/inventoryservice/ds.log
    • /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log
    • /var/log/vmware/sso/ssoAdminServer.log
    • /var/log/vmware/sso/vmware-identity-sts.log
    • /var/log/vmware/sso/vmware-sts-idmd-perf.log
    • /var/log/vmware/sso/vmware-sts-idmd.log

Wow, that is a lot of log files! In order to forward these log files to a remote syslog destination like Log Insight, you need to configure a syslog agent on each device. In order to save everyone a lot of time, I have put together the configurations necessary based on the syslog agent installed in the VA for each vCAC component. Enjoy!


vCAC Windows

NOTE: Whether you are running IAAS in an all-in-one or distributed model the below configuration can be used. Any log files that do not exist will be ignored.

Log Insight Windows Agent

The recommended way to collect logs from the vCAC Windows components is using the Log Insight Windows agent. The below configuration can be applied on the client-side or the server-side and it does not matter if you have a distributed vCAC installation or not. Remember to restart the Log Insight Windows Agent service if applying the configuration client-side.

Datagram Syslog Agent






UPDATE: Added Log Insight Windows Agent configuration.

© 2014, Steve Flanders. All rights reserved.

Published inVMware


  1. JB JB

    Did not try the remote logging config scripts, but many thanks for aggregating vCAC component log file locations!

  2. Marcel Marcel

    Thanks much for the detailed info! May I ask a few questions:
    – Is it customer choice whether vCAC appliance runs Windows or Linux? If the latter, which distro?
    – The syslog configuration scripts imply syslog-ng; is this a requirement?
    – Does vCAC support an off-frame destination logserver, e.g. enterprise SIEM?
    – Does vCAC support multiple destination logservers, e.g. SIEM and operations manager?
    Thanks in advance!

    • 1. It depends on the component – for example most components (e.g. vCAC) come in a virtual appliance form factor, but IaaS requires Windows
      2. The syslog configuration files are based off what is installed by default on the vCAC component virtual appliance – you can install your own agent, but then you are changing the virtual appliance
      3. If by off-frame you mean remote destination then yes – that is what the configuration files configure
      4. This is limited by the agent, in the case of virtual appliance the answer is yes as Linux agents support multiple destination, for Windows it depends on the agent

    • I believe the audit logs are stored in the database, which means none of the above 🙂

      • Karthik Ivaturi Karthik Ivaturi

        How to access that database? Can we redirect the audit logs to a SQL database?

        • Today, there is no supported way to do this as the information is saved in a variety of different tables. Exposing this information is being considered in a future release.

  3. Joel B. Joel B.

    Hi Steve, thanks for your writeup. I wanted to point out that the include statements for the DEM and DEO servers should also contain the DEM_Errors.log and DEO_Errors.log files.
    Also, if customers have named their DEMS/DEOS/Agents, the agent name should be used in the path for the log files.

    • Hey Joel – thanks for the comment! My understanding is that All.log contains all the information in Error.log and that Error.log just exists to make it easier to see the errors when troubleshooting.

  4. Chip Chip

    Hi Steve, your article was written back in February of 2014. Have you checked to see if all these config files (and the system log names and locations) are still applicable to versions 6.1 and 6.2 of vCAC/vRA?

Leave a Reply

Your email address will not be published. Required fields are marked *