Configure the vRealize Log Insight LAM
vRealize Log lnsight delivers heterogeneous and highly scalable log management. It provides deep operational visibility and faster troubleshooting across physical, virtual and cloud environments. The vRealize Log Insight LAM connects with the vRealize Log Insight server and fetches events from it. After fetching the events, the LAM forwards them to Moogsoft Enterprise.
You can install a basic vRealize Log Insight integration in the UI. See VMware vRealize Log Insight for integration steps.
Before You Begin
Before you start to set up the LAM, ensure you have met the following requirements for each vRealise Log Insight system:
You have the hostname or the IP address of the vRealize Log Insight server.
You have credentials to connect to the vRealize Log Insight server.
The port for your vRealize Log Insight server is open and accessible from Moogsoft Enterprise.
Configure the LAM
Edit the configuration file to control the behavior of the vRealize Log Insight LAM. You can find the file at $MOOGSOFT_HOME/config/vrealize_loginsight_lam.conf
.
See the LAM and Integration Reference for a full description of all properties. Some properties in the file are commented out by default. Uncomment properties to enable them.
Configure the connection properties for each target source:
url: Host name or IP address of the vRealize Log Insight server.
username: vRealize Log Insight console account username.
password or encrypted_password: vRealize Log Insight console account password or encrypted password.
Configure the SSL properties if you want to encrypt communications between the LAM and the REST connection:
disable_certificate_validation: Whether to disable SSL certificate validation.
path_to_ssl_files: Path to the directory that contains the SSL certificates.
server_cert_filename: SSL root CA file.
client_key_filename: Client SSL key.
client_cert_filename: Client SSL certificate.
Configure the LAM behavior for each target:
request_interval: Length of time to wait between requests, in seconds.
max_retries: Number of times the LAM attempts to reconnect after connection failure.
retry_interval: Length of time to wait between reconnection attempts, in seconds.
retry_recovery: Length of time between recovery requests, in seconds.
timeout: Length of time to wait before halting a connection or read attempt, in seconds.
requests_overlap: Period of time to delay processing duplicates.
overlap_identity_fields: List of payload tokens the LAM uses to identify duplicate events when vRealize Log Insight returns all open events and not just updated events.
Optionally configure filtering. The hostname and sources are joined using the
AND
condition while the fields within the filters are joined using theOR
condition:hostnames: Hostname(s) to filter by.
sources: Source(s) to filter by.
Optionally configure the LAM identification and capture logging details:
name: Maps to
$Laminstancename
, so that theagent
field indicates events Moogsoft Enterprise ingests from this LAM.capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.
Optionally configure severity conversions. See Severity Reference for further information and "Conversion Rules" in Tokenize Source Event Data for details on conversions in general.
Optionally configure the process logging details:
configuration_file: Name and location of the LAM's process log configuration file. See Configure Logging for more information.
Example
An example vRealize Log Insight LAM configuration is as follows:
monitor: { name: "vRealize Log Insight Lam Monitor", class: "CvRealizeLogInsightMonitor", request_interval: 60, max_retries: -1, retry_interval: 60, targets: { target1: { url: "https://examplevrealize1", user_name: "vrealize_user1", #password: "password", encrypted_password: "qJAFVXpNDTk6ANq65pEfVGNCu2vFdcoj70AF5BIebEc=", disable_certificate_validation: false, path_to_ssl_files: "config", server_cert_filename: "server1.crt", client_key_filename: "client1.key", client_cert_filename: "client1.crt", request_interval: 60, max_retries: -1, retry_interval: 60, timeout: 120, requests_overlap: 10, overlap_identity_fields: ["hostname","event_type","appname","time_changed"], filter: { hostnames: [], sources: [], } target2: { url: "https://examplevrealize2", user_name: "vrealize_user2", #password: "password", encrypted_password: "bDGFSClSHBn8DSw43nGwSPLSv2dGwdsj50WD4BHdfVa&", disable_certificate_validation: false, path_to_ssl_files: "config", server_cert_filename: "server2.crt", client_key_filename: "client2.key", client_cert_filename: "client2.crt", request_interval: 60, max_retries: -1, retry_interval: 60, timeout: 120, requests_overlap: 10, overlap_identity_fields: ["hostname","event_type","appname","time_changed"], filter: { hostnames: [], sources: [], } } } }
Configure for High Availability
Configure the vRealize Log Insight LAM for high availability if required. See High Availability Overview for details.
Configure LAMbot processing
The vRealize Log Insight LAMbot processes and filters events before sending them to the Message Bus. You can customize or bypass this processing if required. You can also load JavaScript files into the LAMbot and execute them.
See LAMbot Configuration for more information. An example vRealize Log Insight LAM filter configuration is shown below.
filter: { presend: "VrealizeLogInsightLam.js", modules: [ "CommonUtils.js" ] }
Start and Stop the LAM
Restart the vRealize Log Insight LAM to activate any changes you make to the configuration file or LAMbot.
The LAM service name is vrealizeloginsightlamd
.
See Control Moogsoft Enterprise Processes for the commands to start, stop and restart the LAM.
You can use a GET request to check the status of the vRealize Log Insight LAM. See "Check the LAM Status" in Configure the REST LAM for further information and examples.
Configure vRealize Log Insight
After you have the vRealize Log Insight LAM running and listening for incoming requests, you can configure vRealize Log Insight. See "Configure vRealize Log Insight" in VMware vRealize Log Insight.