vRLI 4.6 comes pre-installed with the capability to analyse core VMware products/components including vSphere, VSAN and vROPs.  Customers will require the ability to examine logs from other products that may or may not be VMware related and expect the same integrated experience when using filters, graphs and searching data.  To facilitate this, product content packs can be imported into the vRLI that provides the necessary rules, event types etc. that relate to the specific product the user wants to perform log analysis on.

Installing a Content Pack

Content Packs are installed from the “Content Packs” menu.

A content pack may either be import directly if the administrator already has a copy or the marketplace can be used if the vRLI appliance has internet access to download them from the web.

In this example we are going to install the content pack for vRealize Suite Lifecycle Manager 1.3.0 from the marketplace.

Once the content pack is installed it should show up in the content pack management screen.

If the pack needs to be un-installed, upgraded or you simply need to verify setup instructions then this can be done using the settings menu from within the content pack.

Agent Configuration (Client Side)

The configuration of the vRLI agent will depend on what product/appliance the agent is being used within.  Most VMware appliances will come pre-installed with a vRLI agent but without any configuration.  Others (including servers) will likely need a vRLI agent first installing and then configuring.

In our example the agent is configured solely from within the vRSLCM GUI interface via a few fields however lets assume that we have an agent deployed into an appliance that doesn’t have this option and it needs to be configured from the command line (as per a Linux VM or non-VMware appliance).

The agent configuration file (once the agent is installed) is located in “/var/lib/loginsight-agent/liagent.ini”.  Using VI (or any other text editor) the highlighted fields can be populated with the necessary values.  In this example we are using the CFAPI protocol rather than generic SYSLOG and we are setting the log traffic to be sent over SSL.

The usual port numbers are:

CFAPI SSL = 9543
CFAPI (No SSL) = 9000
SYSLOG SSL = 6514
SYSLOG (No SSL) = 514

Note that the above port numbers can change depending on how the installer has configured the target server (CLI only).

Once the basic agent configuration has been done the agent should be restarted to re-read the configuration file that has just been changed.  The new agent should now show within the “Agents” section of vRLI.

Agent Configuration (Server Side)

Once the content pack is installed and our vRLI agent configured we need to define what information to send to vRLI and from which log files.  The content pack will come with an agent template that specifies the log files, their locations and how they should be parsed by vRLI.  These can be found in the “Administration” page and then in the “Agents” section as shown below.

The “Copy Template” option is used to take the template and create a new Agent Group from the template.  This means using the template for the agent configuration and defining one or more filters to select the agents that should have the configuration applied to.  In this example we are leaving the agent configuration as per the template and adding a filter for our vRSLCM appliance using its IP address.

Once the agent group is defined the configuration should be submitted to vRLI using the “Save Agent Group” button.

The agent group now shows up at the top of the drop down list as an active group.