After first configuring a remote syslog for Tanzu Opsmanager with default settings, see public documentation, syslog will start sending these logs:
/var/log/opsmanager/*.log
/var/log/opsmanager/uaa.err
/var/log/opsmanager/uaa.out
/var/log/opsmanager/audit_log.txt
/home/tempest-web/uaa/tomcat/logs/uaa.log
/home/tempest-web/uaa/tomcat/logs/uaa_events.log
/var/log/auth.log
/var/log/syslog
/var/log/cron.log
/var/log/daemon.log
/var/log/kern.log
After some time logrotate will restart syslog service in Opsmanager and only the following logs are seen in the remote endpoint:
/var/log/auth.log
/var/log/syslog
/var/log/cron.log
/var/log/daemon.log
/var/log/kern.log
Tanzu Operations Manager v3
This issue is resolved in Tanzu Opsmanager v3.0.40
As a workaround, if an upgrade is not possible edit the file " /etc/logrotate.d/tempest " in Tanzu Opsmanager VM:
# replace in the postrotate block
sudo service rsyslog force-reload
# with
sudo systemctl kill -s HUP rsyslog.service