VMware vRealize Automation 6.1/6.2
Logging Overview and Configuration for Log Insight Content Pack

Kimberly Delgado, @KCDAutomate
Steve Flanders, @smflanders
Jan 2015

© 2014 VMware Inc. All rights reserved.
Distributed Architecture

[Architecture diagram: vRO, vRA App Svcs, vRA VAs, Infrastructure Web / Manager LBs, SSO, Clustered SQL Server DB, Infrastructure Web / Manager Servers, Infrastructure Fabric, Infrastructure Agents/DEMs]

NOTE: see the vRA Reference Architecture guide for detailed layouts.
Host Roles

- SSO: Authentication from vCenter 5.5 SSO, SSO Identity Appliance or the SSO standalone Windows host
- vRA Virtual Appliance(s): host the CAFÉ & Code Stream services, embedded Postgres DB instance and embedded vRO instance; CAFÉ services can be configured in a distributed manner on multiple instances of the VA
- vRO (External): for non-PoC environments, an external vRO configuration can be standalone or load-balanced with an external DB
- App Services: VA for application services components
- Infrastructure Web Server: hosts web server UI, WAPI interface and Model Manager
- Manager Service: responsible for moving Infrastructure components through their defined lifecycle
- DEMs: Orchestrator & Workers; interact with Fabric sources
- Agents: interact with Fabric sources
Remote Logging

Operating Systems
- Windows does not natively support syslog
- Virtual Appliances (VAs) and Linux do support syslog

Log Insight Agent
- Available for both Windows and Linux
- Easy to deploy and configure; very lightweight
- Ability to handle multiline messages and tag events
- Properly handles log spikes and log rotation
- Offers capabilities beyond those provided by syslog

Use of the Log Insight agent is recommended for all vRealize Automation components (Windows and Linux).

The Log Insight agent configurations include custom tags which are leveraged in the vRA content pack. If not properly configured, some queries may not work as expected.
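What multiline handling and tagging mean in practice, as an added example that is not part of the original slides: an event_marker from this deck's vRA server section groups a stack trace into one tagged event, where line-per-event syslog forwarding would send each continuation line on its own. The log lines are constructed, and the grouping rule (a line matching the marker starts a new event) is the assumed agent behaviour.

```python
import re

# event_marker used by the vra-server section on this page.
EVENT_MARKER = re.compile(r"^\[\w\w\w:\d{4}-\d{2}-\d{2}")
TAGS = {"vmw_product": "vra", "vmw_product_component": "server"}

# Constructed log lines (not real product output): an error with a stack
# trace between two single-line entries.
SAMPLE_LINES = [
    "[UTC:2015-01-12 10:15:01 Local:2015-01-12 05:15:01] [Info]: Service started",
    "[UTC:2015-01-12 10:15:07 Local:2015-01-12 05:15:07] [Error]: Request failed",
    "System.InvalidOperationException: constructed example",
    "   at Example.Handler.Process()",
    "   at Example.Handler.Run()",
    "[UTC:2015-01-12 10:15:09 Local:2015-01-12 05:15:09] [Info]: Retrying",
]


def group_events(lines, marker=EVENT_MARKER, tags=TAGS):
    """Agent-style grouping: a line matching the marker starts a new event,
    any other line is appended to the event before it."""
    events = []
    for line in lines:
        if marker.search(line) or not events:
            events.append({"text": line, **tags})
        else:
            events[-1]["text"] += "\n" + line
    return events


def orphaned_lines(lines, marker=EVENT_MARKER):
    """Lines that line-per-event forwarding would ship as separate events,
    with no timestamp or severity of their own."""
    return [line for line in lines if not marker.search(line)]


if __name__ == "__main__":
    for event in group_events(SAMPLE_LINES):
        print(event["vmw_product_component"], repr(event["text"]))
    print("orphaned without grouping:", len(orphaned_lines(SAMPLE_LINES)))
```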
Remote Logging, continued

Log Insight Windows agent installation instructions:
http://pubs.vmware.com/log-insight-25/index.jsp?topic=%2Fcom.vmware.log-insight.administration.doc%2FGUID-455106F4-4C3D-47C1-8EF6-84992BCCEB05.html

Log Insight Linux agent installation instructions:
http://pubs.vmware.com/log-insight-25/index.jsp?topic=%2Fcom.vmware.log-insight.administration.doc%2FGUID-DB4A27CF-BDA7-443F-94FB-AB9097AD8008.html
Log Locations
vCenter SSO

Identity VA (SSO VA & vCenter SSO)
- /var/log/vmware/sso/*
    catalina.out (primary)
    ssoadminserver.log: user log in info here
    vmware-identity-sts-perf.log
    vmware-identity-sts.log
    vmware-sts-idmd-perf.log
    vmware-sts-idmd.err
    vmware-sts-idmd.log
- /var/log/messages: Active Directory connection info

Windows VIM on vCenter SSO
- C:\ProgramData\VMware\CIS\logs\vmware-sso\
- C:\ProgramData\VMware\CIS\runtime\VMwareSTS\logs
vRealize Automation Virtual Appliances

vRealize Automation (vRA) & Code Stream (vRCS)
- /var/log/vmware/vcac/catalina.out
- /var/log/apache2/access_log
- /var/log/apache2/ssl_request_log
- /var/log/apache2/error_log

vRealize Orchestrator (embedded & external, same location)
- /var/log/vco/app-server/catalina.out
- /var/log/vco/app-server/server.log
- /var/log/vco/app-server/scripting.log
- Individual plugins need to be configured for logging and may have different log locations

Application Services
- /home/darwin/tcserver/darwin/logs/catalina.out

Artifactory (for Code Stream)
- /storage/artifactory/home/logs/artifactory.log
- /storage/artifactory/home/logs/access.log
- /storage/artifactory/home/logs/request.log
- /storage/artifactory/home/logs/import.export.log
vRealize Automation Infrastructure

Exact logs & locations will depend on deployment type and configuration; these are basic places to start!

Infrastructure Server (Web, Manager)
- C:\Program Files (x86)\vmware\vcac\server\logs\all
- C:\Program Files (x86)\vmware\vcac\server\config Tool\Log\vCACConfiguration- <date>
- C:\Program Files (x86)\vmware\vcac\server\model Manager Data\Logs\
- C:\Program Files (x86)\vmware\vcac\server\model Manager Web\Logs\Repository
- C:\Program Files (x86)\vmware\vcac\website\logs\web_admin_all
- C:\Program Files (x86)\vmware\vcac\web API\Logs\
vRealize Automation Infrastructure, continued

Some log directories and filenames are set during installation and will depend on entered information. Information like <THIS> needs to be replaced with entered information.

Agents
- C:\Program Files (x86)\vmware\vcac\agents\<PLUGIN>\logs\<FILE>
- <PLUGIN> Examples: vsphereagent, nsx, VC55Agent, VDIAgent
- <FILE> Examples: vsphereagent, EpiPowerShellAgent, VdiPowerShellAgent
- IMPORTANT: The Agent name specified during installation dictates the value of <PLUGIN>

DEMs
- C:\Program Files (x86)\vmware\vcac\distributed Execution Manager\<DEM_NAME>
- C:\Program Files (x86)\vmware\vcac\distributed Execution Manager\<DEO_NAME>
- IMPORTANT: The DEM/DEO name specified during installation dictates the value
vRealize Business

vRB Data Collector
- /var/log/itbm-data-collector/catalina.out
- /var/log/itbm-data-collector/itfm-vc-dc.log
- /var/log/itbm-data-collector/localhost_access_log.*
- /var/log/itbm-data-collector/vf.tc-events.txt

vRB Server
- /var/log/itbm-server/audit.log
- /var/log/itbm-server/catalina.out
- /var/log/itbm-server/itfm-external-api.log
- /var/log/itbm-server/itfm-reflib-update.log
- /var/log/itbm-server/itfm.log
- /var/log/itbm-server/localhost_access_log.*
- /var/log/itbm-server/vcac.log
- /var/log/itbm-server/vf.tc-events.txt
Syslog Configuration
Log Insight Server-Side Agent Configuration

Log Insight agent configuration can be set client-side or server-side. Server-side configuration consists of the three steps outlined below. The slides that follow have the client-side configurations.

1. Enable vRO logging: see the vRO slide for configuration information

2. Static configuration (copy and paste):

;;; vCenter SSO VCSA
[filelog|vmw-sso]
directory=/var/log/vmware/sso
exclude=vmware-*
event_marker=^(\[\d{4}-\d{2}-\d{2}|\d{2}-\w+-\d{4})
tags={"vmw_product":"sso"}

[filelog|vmw-sso-sts-idmd-perf]
directory=/var/log/vmware/sso
include=vmware-sts-idmd-perf*
event_marker=^\d{4}-\d{2}-\d{2}\s\S+\s\w+\s+\w+
tags={"vmw_product":"sso"}

[filelog|vmw-sso-sts-perf]
directory=/var/log/vmware/sso
include=vmware-identity-sts-perf*
event_marker=^\[\d{4}-\d{2}-\d{2}\s\S+\s\S+\s\S+\]\s+\w+
tags={"vmw_product":"sso"}

[filelog|vmw-sso-sts-other]
directory=/var/log/vmware/sso
include=vmware-sts-idmd.*;vmware-identity-sts.*
event_marker=^\[\d{4}-\d{2}-\d{2}\s\S+\s\S+\s\S+
tags={"vmw_product":"sso"}
Log Insight Server-Side Agent Configuration, continued

;;; vCenter SSO Windows
[filelog|vcenter-sso]
directory=c:\programdata\vmware\cis\logs\vmware-sso
event_marker=^\[\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{1,2}:\d{1,2}
tags={"vmw_product":"sso"}

[filelog|vcenter-sso-sts]
directory=c:\programdata\vmware\cis\runtime\vmwarests\logs
event_marker=^\[\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{1,2}:\d{1,2}
tags={"vmw_product":"sso"}

;;; vRA
[filelog|vra]
directory=/var/log/vmware/vcac
event_marker=^[^\d]
tags={"vmw_product":"vra","vmw_product_component":"cafe"}

[filelog|apache]
directory=/var/log/apache2
event_marker=^[^\s]
tags={"asf_product":"http"}

;;; vRCS
[filelog|vrcs]
directory=/storage/artifactory/home/logs
event_marker=^[^\d]
tags={"vmw_product":"vrcs","vmw_product_component":"artifactory"}

;;; vRA APPD
[filelog|vra-appd]
directory=/home/darwin/tcserver/darwin/logs
event_marker=^\w+\s\d{2}\s\d{4}\s\S+\s\w+\s+[\s+]
tags={"vmw_product":"vra","vmw_product_component":"appd"}
Log Insight Server-Side Agent Configuration, continued

;;; Static vRA
[filelog|vra-agent-vsphere]
directory=c:\program Files (x86)\vmware\vcac\agents\vsphereagent\logs\
event_marker=^\[\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{1,2}:\d{1,2}
tags={"vmw_product":"vra","vmw_product_component":"agent"}

[filelog|vra-server]
directory=c:\program Files (x86)\vmware\vcac\server\logs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"server"}

[filelog|vra-mm]
directory=c:\program Files (x86)\vmware\vcac\server\model Manager Web\Logs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"mm"}

[filelog|vra-web]
directory=c:\program Files (x86)\vmware\vcac\server\website\logs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"web"}

[filelog|vra-install]
directory=c:\program Files (x86)\vmware\vcac\installlogs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"install"}
Log Insight Server-Side Agent Configuration, continued

;;; vRB
[filelog|vra-vrb-server]
directory=/var/log/itbm-server
event_marker=^[^\s]
tags={"vmw_product":"vrb","vmw_product_component":"server"}

[filelog|vra-vrb-data-collector]
directory=/var/log/itbm-data-collector
event_marker=^[^\s]
tags={"vmw_product":"vrb","vmw_product_component":"data-collector"}

3. Dynamic configuration (modify everything like <THIS>):

;;; Dynamic vRA agent configuration
;;; MANUAL CONFIGURATION CHANGES REQUIRED
;;; DO NOT JUST COPY AND PASTE THIS SECTION
;;; For every agent installed a new agent configuration section is required
;;; The name of the agent given during installation dictates the log directory name
[filelog|vra-agent-<agent_name>]
directory=c:\program Files (x86)\vmware\vcac\agents\<agent_name>\logs\
event_marker=^\[\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{1,2}:\d{1,2}
tags={"vmw_product":"vra","vmw_product_component":"agent"}
Log Insight Server-Side Agent Configuration, continued

;;; A DEM name can be specified during installation
;;; The name of the DEM given during installation dictates the log directory name
;;; If no name is given the DEM name is: DEM
[filelog|vra-dem]
directory=c:\program Files (x86)\vmware\vcac\distributed Execution Manager\<DEM_NAME>\Logs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"dem"}

;;; A DEO name can be specified during installation
;;; The name of the DEO given during installation dictates the log directory name
;;; If no name is given the DEO name is: DEO
[filelog|vra-deo]
directory=c:\program Files (x86)\vmware\vcac\distributed Execution Manager\<DEO_NAME>\Logs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"deo"}
vCenter SSO on VCSA

Log Insight agent configuration (recommended, copy and paste):

;;; vCenter SSO VCSA
[filelog|vmw-sso]
directory=/var/log/vmware/sso
exclude=vmware-*
event_marker=^(\[\d{4}-\d{2}-\d{2}|\d{2}-\w+-\d{4})
tags={"vmw_product":"sso"}

[filelog|vmw-sso-sts-idmd-perf]
directory=/var/log/vmware/sso
include=vmware-sts-idmd-perf*
event_marker=^\d{4}-\d{2}-\d{2}\s\S+\s\w+\s+\w+
tags={"vmw_product":"sso"}

[filelog|vmw-sso-sts-perf]
directory=/var/log/vmware/sso
include=vmware-identity-sts-perf*
event_marker=^\[\d{4}-\d{2}-\d{2}\s\S+\s\S+\s\S+\]\s+\w+
tags={"vmw_product":"sso"}

[filelog|vmw-sso-sts-other]
directory=/var/log/vmware/sso
include=vmware-sts-idmd.*;vmware-identity-sts.*
event_marker=^\[\d{4}-\d{2}-\d{2}\s\S+\s\S+\s\S+
tags={"vmw_product":"sso"}

Syslog configuration (restart syslog after changes):
- /etc/syslog-ng/syslog-ng.conf
- Set destination logserver to syslog host or Log Insight
vCenter SSO on Windows

Log Insight agent configuration (copy and paste):

;;; vCenter SSO Windows
[filelog|vcenter-sso]
directory=c:\programdata\vmware\cis\logs\vmware-sso
event_marker=^\[\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{1,2}:\d{1,2}
tags={"vmw_product":"sso"}

[filelog|vcenter-sso-sts]
directory=c:\programdata\vmware\cis\runtime\vmwarests\logs
event_marker=^\[\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{1,2}:\d{1,2}
tags={"vmw_product":"sso"}
vRealize Orchestrator (vRO)

Syslog configuration:

Edit /etc/vco/app-server/log4j.xml

Edit section (remove comments and substitute <HOST> with Syslog or Log Insight host):

<appender name="SYSLOG" class="org.apache.log4j.net.SyslogAppender">
  <param name="Threshold" value="info"/>
  <param name="Facility" value="local1"/>
  <param name="SyslogHost" value="<HOST>"/>
  <param name="FacilityPrinting" value="false"/>
  <layout class="org.apache.log4j.PatternLayout">
    <param name="ConversionPattern" value="vco: prio:%-5p thread:%t token:%X{token} wf:%X{workflowname} wfid:%X{workflow} user: %X{username} cat: %c{1} msg:%m%n"/>
  </layout>
</appender>

At end of config xml (/etc/vco/app-server/log4j.xml)

Edit section (remove comments for SYSLOG appender):

<root>
  <priority value="info" />
  <appender-ref ref="CONSOLE" />
  <appender-ref ref="FILE" />
  <appender-ref ref="SYSLOG" />
  <!-- <appender-ref ref="EVENT_LOG" /> -->
</root>
vRealize Automation (vRA) & Code Stream (vRCS)

Log Insight agent configuration (recommended, copy and paste):

;;; vRA
[filelog|vra]
directory=/var/log/vmware/vcac
event_marker=^[^\d]
tags={"vmw_product":"vra","vmw_product_component":"cafe"}

[filelog|apache]
directory=/var/log/apache2
event_marker=^[^\s]
tags={"asf_product":"http"}

;;; vRCS
[filelog|vrcs]
directory=/storage/artifactory/home/logs
event_marker=^[^\d]
tags={"vmw_product":"vrcs","vmw_product_component":"artifactory"}

Syslog configuration (restart syslog after changes):
- /etc/rsyslog.d/remote.conf
- Add details for each log file (substitute <HOST> with Syslog or Log Insight host at end):
vRealize Automation, continued

#
# vRA + vRCS log files
# Add to: /etc/rsyslog.d/remote.conf
# Replace with Log Insight FQDN
# Run: /etc/init.d/syslog restart
#
$ModLoad imfile

# vRA
$InputFileName /var/log/vmware/vcac/catalina.out
$InputFileTag vcac:
$InputFileStateFile stat-vcac-catalina1
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor

$InputFileName /var/log/vco/app-server/catalina.out
$InputFileTag vco:
$InputFileStateFile stat-vco-catalina1
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor

$InputFileName /var/log/apache2/access_log
$InputFileTag apache:
$InputFileStateFile stat-apache2-access1
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor

$InputFileName /var/log/apache2/error_log
$InputFileTag apache:
$InputFileStateFile stat-apache2-error1
$InputFileSeverity error
$InputFileFacility local7
$InputRunFileMonitor

$InputFileName /var/log/apache2/ssl_request_log
$InputFileTag apache:
$InputFileStateFile stat-apache2-ssl1
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor
vRealize Automation, continued

# vRCS
$InputFileName /storage/artifactory/home/logs/artifactory.log
$InputFileTag vrcs:
$InputFileStateFile stat-vrcs-artifactory
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor

$InputFileName /storage/artifactory/home/logs/import.export.log
$InputFileTag vrcs:
$InputFileStateFile stat-vrcs-import-export
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor

$InputFileName /storage/artifactory/home/logs/access_log
$InputFileTag vrcs:
$InputFileStateFile stat-vrcs-access1
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor

$InputFileName /storage/artifactory/home/logs/error_log
$InputFileTag vrcs:
$InputFileStateFile stat-vrcs-error1
$InputFileSeverity error
$InputFileFacility local7
$InputRunFileMonitor

# check for new lines every 10 seconds
$InputFilePollInterval 10

*.* @@<HOST>
Application Services

Log Insight agent configuration (recommended, copy and paste):

;;; vRA APPD
[filelog|vra-appd]
directory=/home/darwin/tcserver/darwin/logs
event_marker=^\w+\s\d{2}\s\d{4}\s\S+\s\w+\s+[\s+]
tags={"vmw_product":"vra","vmw_product_component":"appd"}

Syslog configuration (restart syslog after changes):
- /etc/syslog-ng/syslog-ng.conf
- Add following details (substitute <HOST> with Syslog or Log Insight host at end):

#
# APPD log files
# Add to: /etc/syslog-ng/syslog-ng.conf
# Replace with Log Insight FQDN
# Run: /etc/init.d/syslog restart
#
source appd {
    file("/home/darwin/tcserver/darwin/logs/catalina.out" follow_freq(1) flags(no-parse) log_prefix("appd: "));
};
destination logserver { tcp("<HOST>" port (514)); };
log { source(appd); destination(logserver); };
log { source(src); destination(logserver); };
vRealize Automation Infrastructure

Log Insight agent configuration (copy and paste the static section, but be sure to make changes to the dynamic section on next page):

;;; Static vRA agent configuration
;;; Just copy and paste the below configuration
[filelog|vra-agent-vsphere]
directory=c:\program Files (x86)\vmware\vcac\agents\vsphereagent\logs\
event_marker=^\[\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{1,2}:\d{1,2}
tags={"vmw_product":"vra","vmw_product_component":"agent"}

[filelog|vra-server]
directory=c:\program Files (x86)\vmware\vcac\server\logs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"server"}

[filelog|vra-mm]
directory=c:\program Files (x86)\vmware\vcac\server\model Manager Web\Logs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"mm"}

[filelog|vra-web]
directory=c:\program Files (x86)\vmware\vcac\server\website\logs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"web"}

[filelog|vra-install]
directory=c:\program Files (x86)\vmware\vcac\installlogs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"install"}
vRealize Automation Infrastructure, continued

Log Insight agent configuration, continued

;;; Dynamic vRA agent configuration
;;; MANUAL CONFIGURATION CHANGES REQUIRED
;;; DO NOT JUST COPY AND PASTE THIS SECTION
;;; For every agent installed a new agent configuration section is required
;;; The name of the agent given during installation dictates the log directory name
[filelog|vra-agent-<agent_name>]
directory=c:\program Files (x86)\vmware\vcac\agents\<agent_name>\logs\
event_marker=^\[\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{1,2}:\d{1,2}
tags={"vmw_product":"vra","vmw_product_component":"agent"}

;;; A DEM name can be specified during installation
;;; The name of the DEM given during installation dictates the log directory name
;;; If no name is given the DEM name is: DEM
[filelog|vra-dem]
directory=c:\program Files (x86)\vmware\vcac\distributed Execution Manager\<DEM_NAME>\Logs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"dem"}

;;; A DEO name can be specified during installation
;;; The name of the DEO given during installation dictates the log directory name
;;; If no name is given the DEO name is: DEO
[filelog|vra-deo]
directory=c:\program Files (x86)\vmware\vcac\distributed Execution Manager\<DEO_NAME>\Logs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"deo"}
vRealize Business Standard

Log Insight agent configuration (copy and paste):

;;; vRB
[filelog|vra-vrb-server]
directory=/var/log/itbm-server
event_marker=^[^\s]
tags={"vmw_product":"vrb","vmw_product_component":"server"}

[filelog|vra-vrb-data-collector]
directory=/var/log/itbm-data-collector
event_marker=^[^\s]
tags={"vmw_product":"vrb","vmw_product_component":"data-collector"}
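A pre-deployment check for the agent configuration sections above, as an added example that is not part of the original slides or the content pack: it flags tags values that are not valid JSON, event_marker patterns that do not compile, and dynamic sections pasted with a placeholder such as <DEM_NAME> still in place. The sample configuration is constructed; the `[filelog|name]` header form and the use of Python's re module as a stand-in for the agent's regex engine are assumptions.

```python
import configparser
import json
import re

# Constructed sample: one clean section, one whose tags value has lost
# quotes, one dynamic section pasted without replacing <DEM_NAME>.
SAMPLE = r"""
[filelog|vra-server]
directory=c:\program Files (x86)\vmware\vcac\server\logs\
include=*all.log;repository.log
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"server"}

[filelog|vra-vrb-server]
directory=/var/log/itbm-server
event_marker=^[^\s]
tags={"vmw_product": vrb","vmw_product_component":"server }

[filelog|vra-dem]
directory=c:\program Files (x86)\vmware\vcac\distributed Execution Manager\<DEM_NAME>\Logs\
event_marker=^\[\w\w\w:\d{4}-\d{2}-\d{2}
tags={"vmw_product":"vra","vmw_product_component":"dem"}
"""

PLACEHOLDER = re.compile(r"<[A-Za-z_]+>")


def lint_agent_config(text):
    """Return {section: [problems]} for every [filelog|...] section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        if not name.startswith("filelog|"):
            continue
        sec, problems = cp[name], []
        directory = sec.get("directory", "")
        if not directory:
            problems.append("missing directory")
        if PLACEHOLDER.search(name) or PLACEHOLDER.search(directory):
            problems.append("unreplaced placeholder")
        try:
            # Assumption: Python's re approximates the agent's regex engine.
            re.compile(sec.get("event_marker", ""))
        except re.error:
            problems.append("event_marker does not compile")
        try:
            tags = json.loads(sec.get("tags", "{}"))
            if "vmw_product" not in tags and "asf_product" not in tags:
                problems.append("no product tag")
        except json.JSONDecodeError:
            problems.append("tags is not valid JSON")
        report[name] = problems
    return report


if __name__ == "__main__":
    for section, problems in lint_agent_config(SAMPLE).items():
        print(section, "->", problems or "ok")
```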
Log Insight
Aggregated Logs in Log Insight

Content Pack for vCAC 6.0 and vRA 6.1 or newer available on VMware Solution Exchange and the Log Insight marketplace