In this recipe, we will configure the Orchestrator server to send all logs to a centralized Syslog server. This is especially important when using Orchestrator clusters.
You need a Syslog server or a vRealize Log Insight Server as a target.
You may also need access to the Orchestrator appliance OS (SSH).
When you buy vSphere, you also get licensing for Log Insight for 25 hosts.
If you are using vRealize Log Insight then you should also consider downloading the vRO7 package. You can find some details here:
http://blogs.vmware.com/management/2016/04/vrealize-orchestrator-7-0-content-pack-log-insight.html .
We are now configuring Log Insight to access Orchestrator:
- Log into the vRealize Log Insight website.
- Click in the upper right corner and select Content Packs.
- Select the VMware - Orchestrator content pack:
- Tick the install tickbox and then on Install.
The redirection of Syslog became much easier in vRO7 as everything is more or less done in the Control Center:
- Login to the Orchestrator Control Center.
- Go to Logging Integration.
- Tick the box next to Enable logging to a remote log server to configure Syslog.
Sadly, Log4J is deprecated at this stage. However, you can and should use the Log Insight Agent to send Syslog messages:
- From where we left off, select Use Log4j Syslog Appender.
- Enter your FQDN or IP of the Syslog host as well as the port, if it's not
514. - Select the Facility. The facility is a kind of folder where the log files should be stored. You can choose between User and Local0 to Local7.
- The Threshold is setting from what level you want to forward Syslog messages. I would not recommend anything lower than INFO, but that depends on the purpose for forwarding.
- The Network Protocol can be either UDP or TCP. Normally UDP is the way to go.
- Click on Save and then Test connection. If that works, check your Syslog server for incoming messages:
Orchestrator has been fitted with an agent for VMware vRealize Log Insight. Here is how to configure it from where we left off:
- Select Use Log Insight Agent.
- Enter your FQDN or IP of your vRealize Log Insight Server as well as the port, which is default
9000. If you want to send Syslog messages to a Syslog server, choose the Syslog hostname or IP and then select port 514. - Select the Protocol. Use cfapi with Log Insight and Syslog for the usage with a Syslog server.
- Click on Save.
- We now need to configure the Log Insight Agent to send logs across. For this, see the There's more... section.
Redirecting Syslog files to a central logging facility can be quite a useful thing. Not only does the Orchestrator Syslog contain the normal Orchestrator Syslog entries, but also information on by whom and when was the workflow run. See the Scripting with logs recipe in Chapter 5, Visual Programming, for more information.
A Syslog server is normally used to analyze and/or monitor the behavior of a given system. Typical actions are to make sure problems are captured early as well as to track the performance of a system. A lot of companies also use Syslog to keep a record of what workflow has been run by whom and when.
You can download and test vRealize Log Insight for free, just go to the vmware.com webpage and join the trial.
For working with the Orchestrator log files, have a look at the recipe Orchestrator log files in this chapter.
If you want to use a classic external Syslog server (such as Splunk), but you like to use the Log Insight Agent on Orchestrator, to forward the logs you need to do some configuration. To do this, follow these steps:
- Configure the logging integration to use Log Insight Agent.
- Enter the Syslog host IP or FQDN and then choose port
514. - Set Protocol to syslog.
- Connect to Orchestrator via SSH.
- Edit the file
/var/lib/loginsight-agent/liagent.ini. - Add the following entries at the end:
[filelog|scripting] directory=/var/log/vco/app-server include= scripting.log; scripting.log.* [filelog|server] directory=/var/log/vco/app-server include=server.log;server.log.*
- Restart the log insight agent with the
service liagentd restartcommand. - Check the log files for errors:
/var/log/loginsight-agent/liagent_[date].log
This should now forward all the servers and scripting log files to your Syslog server. Also, see the recipe Orchestrator log files in this chapter.
The configuration of the Log insight Linux Agent is documented in the VMware vRealize Log Insight 3 Agent Administration Guide ( http://tinyurl.com/VMwareLI30Admin )
There are tons of Syslog software tools for Windows and for Linux. Here is a short list of the most common ones for Windows:
All Linux servers come with a Syslog service installed and can be used as well. However, in general, they do not have a comfortable web or GUI frontend.
The Scripting with logs recipe in Chapter 5, Visual Programming.
All Orchestrator log files can be found at kb.vmware.com/kb/1010956. The example workflow 02.06 Configure Syslog for LoginSight.