Opsmanager rsyslog client does not forward audit logs
search cancel

Opsmanager rsyslog client does not forward audit logs

book

Article ID: 391700

calendar_today

Updated On: 03-24-2025

Products

VMware Tanzu Platform

Issue/Introduction

After first configuring a remote syslog for Tanzu Opsmanager with default settings, see public documentation, syslog will start sending these logs:

/var/log/opsmanager/*.log
/var/log/opsmanager/uaa.err
/var/log/opsmanager/uaa.out
/var/log/opsmanager/audit_log.txt
/home/tempest-web/uaa/tomcat/logs/uaa.log
/home/tempest-web/uaa/tomcat/logs/uaa_events.log 
/var/log/auth.log
/var/log/syslog
/var/log/cron.log
/var/log/daemon.log
/var/log/kern.log 

After some time logrotate will restart syslog service in Opsmanager and only the following logs are seen in the remote endpoint:

/var/log/auth.log
/var/log/syslog
/var/log/cron.log
/var/log/daemon.log
/var/log/kern.log 

Environment

Tanzu Operations Manager v3

Resolution

This issue is resolved in Tanzu Opsmanager v3.0.40 

As a workaround, if an upgrade is not possible edit the file " /etc/logrotate.d/tempest " in Tanzu Opsmanager VM:

# replace in the postrotate block 
sudo service rsyslog force-reload 

# with
sudo systemctl kill -s HUP rsyslog.service