Manually set Syslogs to send via UDP
search cancel

Manually set Syslogs to send via UDP

book

Article ID: 387087

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Expected and recommended workflow to forward Syslogs from Aria Operations to a 3rd party via UDP, would be to use Aria Operations for Logs as a forwarder.

However, in the scenario where it is not possible to use Aria Operations for Logs, this can be set manually.

 

Environment

Aria Operations 8.x

Resolution

  1. In the Aria Operations UI go to "Administration -> Control Panel -> Log Forwarding"
    • Make sure to check the box labeled "Output logs to external log server."
    • Input the FQDN or IP of the host you want to send the logs to.
    • Set Protocol to "Syslog"
    • Hit "Apply Changes" in the lower right corner.
  2. Log in to each Analytics node and Cloud Proxy through SSH as "root" and perform the following steps:
    • Run command: vi /var/lib/loginsight-agent/liagent.ini
    • Look for "proto=syslog" that is not commented out (without the semicolon in front)
    • Hit the "Insert" key
    • change "proto=syslog" to "proto=syslog_udp"
    • verify that "port" is set to 514
    • Hit "Esc"
    • Type the following to Save and Exit:   :wq  
    1.  

 

There is no need to restart any services, changes should take effect within a few minutes.

*NOTE* If this solution is applied and then a change is made and saved via the GUI, it will override the manual changes made below, and you will have to repeat the procedure.

Powered by Wolken Software