TKGi 1.2x

VMware Aria operations for Logs

Problem with user permissions preventing the logs to be visible from the VMware Aria operations for Logs UI, however if admin or user with admin privileges  is used the logs can be viewed.

In order to confirm the agent is correctly installed we used several different approaches to confirm.

1. Verify with logger if messages are recorded to the VIP on port 514 (basic syslog server) 

logger -d -n 172.xxx.xxx.10 -P 514 "<13>$(date '+%b %d %H:%M:%S') myclient curl-test: remote test message"      #UDP message on port 514
logger -T -n 172.xxx.xxx.10 -P 514 "<13>$(date '+%b %d %H:%M:%S') myclient curl-test: remote test message"      #TCP message on port 514
logger "<13>$(date '+%b %d %H:%M:%S') myclient curl-test: remote test message"                                                      #record message to localsyslog

2. verify if messages are sent from the tkgi-api vm verifying the conf file and running packet capture

bosh -d pivotal-container-service-<ID> vms
bosh -d pivotal-container-service-<ID> ssh pivotal-container-service/<ID>
sudo -i
cat /var/vcap/jobs/pks-vrli-control-plane-fluentd/config/fluent.conf    ### verify if VMware Aria operations for Logs is configured and the host and agent ID are present
<match **>
  @type loginsight_buffered
  host <FQDN>
  port 9543
  scheme https
    ca_file /var/vcap/jobs/fluentd/config/vrli_ca_cert.pem
    ssl_verify false
ping <FQDN of VRLI>                                                                                  ### confirm the IP
tcpdump -i eth0 host <IP of VRLI VIP>                                                     ### wait for some time to confirm if packets are flowing

3. Verify with tcpdump from the VMware Aria operations for Logs VIP and workers that packets are arriving