For Log Insight 2.5, several enhancements have been made on both the agent and ingestion API sides. I would like to cover these enhancements in detail.
Linux Agent
In Log Insight 2.0 a Windows agent was introduced and in Log Insight 2.5 a Linux agent is now available. The great news is that the configuration for both the Window and the Linux agent is the same (though Linux does not support the winlog directive since it is not applicable). This makes configuration management easy and you do not need to learn a different set of syntax. In addition, both the Log Insight ingestion API (default) and syslog protocols are supported. Per the release notes, the following versions of Linux are supported:
- RHEL: 5 Update 10, and 6 Update 5
- SLES: 11 SP3
- Ubuntu 10.04 LTS, 12.04 LTS and 14.04 LTS
To get started, you just need to grab the agent download from my.vmware.com or navigate to Administration > Agents in the UI to grab the package(s) there.
Automation trick: You can pull the agent from the server via cURL commands.
LI_FQDN=loginsight.example.com LI_ADMIN_USERNAME=admin LI_ADMIN_PASSWD=password # get a session id curl --insecure -c cookies https://$LI_FQDN/ # authenticate curl --insecure -b cookies --data 'username=$LI_ADMIN_USERNAME&password=$LI_ADMIN_PASSWD&login=Login' https://$LI_FQDN/login # grab the agent curl --insecure -b cookies https://$LI_FQDN/admin/agents?downloadAgentRPM=true >li-agent.rpm
Once you have the package(s) simply install them manually or through the configuration management tool of your choice:
sudo SERVERHOST= rpm -ivh <package>.rpm
sudo SERVERHOST= dpkg -i <package>.deb
Automation trick: The SERVERHOST=<LI_FQDN> before the command allows you to configure where the agent will send logs to (default is ‘loginsight’) removing the need to edit the configuration after installation.
Upon completion you will find the agent configuration file in /var/lib/loginsight-agent/liagent.ini. Edit this file or push changes from the server-side to monitor the files you care about.
Important notes:
- Installation can be done from a non-root user, however permissions must be configured properly for the agent to collect files based on the installed user permissions.
- Should you have a need to look at the agent logs on Linux, they can be found in /var/log/loginsight-agent.
Configuration Changes without Restart
An amazing enhancement to both the Windows and the Linux agent is that configuration changes are automatically picked up by the agent without restarting the service! That’s right, just edit the configuration file and save the changes and the agent will pick them up within a short period of time. If you ever do need to restart the agent process you can by running: service liagentd restart.
Support Bundles
Both the Windows and the Linux agent now come with a support bundle script should you need to open a support case with VMware. The scripts can be found in the following location:
- Windows: C:\Program Files (x86)\VMware\Log Insight Agent\loginsight-agent-support.exe
- Linux: loginsight-agent-support (in the default path)
SSL Support
The ingestion API has been enhanced and now offers SSL support for communication. To date, traffic was sent unencrypted over TCP/9000. Now, traffic can be sent encrypted over TCP/9543. This of course means a new firewall rule if you are in a secure environment.
IMPORTANT: The agent works with both self-signed and authoritative certificates. What is important to note is that the same certificate must be used on the server-side. The means either a certificate needs to be uploaded to every node or an external load balancer and SSL offloading needs to be leveraged. If the nodes in a Log Insight cluster have different SSL certificates (they do by default) or if the certificate the agent originally trusted gets replaced then the agent needs to be updated or communication will fail. Note the [server] section of the liagent.ini does support specifying the SSL certificate through documented parameters.
Summary
Log Insight now offers an agent for both Windows and Linux operating systems as well as SSL support over its ingestion API. Configuration management has been made even easier now that service restarts are no longer required and gathering required support information can be done from a central location.
© 2015, Steve Flanders. All rights reserved.