Forwarding logs to a syslog server from vRealize Operations Manager has been greatly simplified with the latest 6.0 release. Instead of having to manually tweak syslog-ng.conf with past releases, there is now a new UI option under Administration->Support->Logs which allows you to easily configure syslog configurations. There are currently 4 loggers (Analytics, Collector, Web & SuiteAPI) that can be configured to be forwarded to a syslog server.

To configure using the vROps UI, you select the root logger folder and then click on the gears icon at the top. From here, you can configure the syslog server as well as the syslog port.

Though this is a nice UI enhancement, it would have been really nice to have been able to configure this using an API. In doing some digging, I found that you could still automate the syslog configurations by simply adding a couple of lines into the respective files:

vROps Logger Configuration File
Analytics /usr/lib/vmware-vcops/user/conf/analytics/
Collector /usr/lib/vmware-vcops/user/conf/collector/
Web /usr/lib/vmware-vcops/user/conf/web/
SuiteAPI /usr/lib/vmware-vcops/tomcat-enterprise/webapps/suite-api/WEB-INF/

Here is a simple shell script called that you can run against your vROps instance to forward your logs. There are two variables SYSLOG_SERVER and SYSLOG_SERVER_PORT that will need to be updated before running the script. Here is an example of running the script that can come in handy to forwarding your logs to your favorite syslog server such as vRealize Operations Insight.

UPDATE (01/17/15) - Thanks to Steve Flanders for letting me know there is one additional location for configuring syslog which is the Audit logs located in under Administration->Audit. It looks like the configuration also goes into the Collector and I have updated my script to ensure this is also configured as part of the script.

Screen Shot 2015-01-17 at 9.43.35 PM

3 thoughts on “Automate forwarding of vRealize Operations Manager logs to Syslog Server

  1. Hey William – there is also one more place to configure remote syslog: Administration -> Audit. Under “User Activity Audit” the Edit option allows you to specify a remote syslog destination.

  2. Hi William, thanks for the info, though this should be better described in the vROps docs (I’ve left feedback) for those not using vRLI and its agent.

    It looks like VIEW_BRIDGE and VCOPS_BRIDGE sections are also configurable for export, though it’s not clear to me what these sections relate to.

    Thanks for your site, it’s invaluable.

Thanks for the comment!

This site uses Akismet to reduce spam. Learn how your comment data is processed.