Unable to send the windows server logs to Aria Operations for logs.
search cancel

Unable to send the windows server logs to Aria Operations for logs.

book

Article ID: 418404

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Navigating to Aria Operations for Logs UI > Management > Agents > Shows windows server as active but events sent shows 0 

  • The Windows server failed to send alerts to Aria Operations for logs.
  • The logs from %ProgramData%\VMware\Log Insight Agent\logs\date_latest_log.file shows connection is successful unable to the logs on Aria Operations for logs UI.

 

Environment

The VMware Aria Operations for Logs 8.18.x Windows agent supports the following versions:
Windows 10, Windows 11 (supported, but not tested)
Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.

Cause

After installation, the liagent.ini file contains pre-configured default settings for the VMware Aria Operations for Logs Windows Agent, however it needs to be configured with relevant configuration.

Resolution

To resolve this issue edit Aria Operations for liagent configuration file in %ProgramData%\VMware\Log Insight Agent

  • Open the liagent.ini file on the Windows server:

    %ProgramData%\VMware\Log Insight Agent\liagent.ini

  • Remove the semicolon (;) in front of the following parameters and ensure correct values are set:

    • hostname

    • port

    • proto

    • Required [winlog|...] sections (for example: Application, Security, System)

  • Save the file.

; VMware Aria Operations for Logs Agent configuration. Please save as UTF-8 if you use non-ASCII names / values !
; Actual configuration is this file joined with settings from server to form liagent-effective.ini
; Note: Restarting the agent is not required after making a configuration change
; Note: It may be more efficient to configure from server's Agents page !

[server]

; Hostname or IP address of your Operations for Logs server / cluster load balancer. Default:
hostname=##.##.##.##

;Protocol can be cfapi (Operations for Logs REST API), syslog, syslog_udp. Default:
proto=cfapi

; Operations for Logs server port to connect to. Default ports for protocols:
; syslog and syslog_udp: 514; syslog with ssl: 6514; cfapi: 9000; cfapi with ssl: 9543. Default:
port=9543

; SSL usage. Default:
;ssl=yes
Example of configuration with trusted CA:
;ssl=yes
;ssl_ca_path=/etc/pki/tls/certs/ca.pem

; Time in minutes to force reconnection to the server.
; This option mitigates imbalances caused by long-lived TCP connections. Default:
;reconnect-30

; Allow the agent to receive central configuration from the server.
; If disabled, only agent-side configuration will be applied. Default:
; central_config=yes

; FIPS mode.
; Possible values are 1 or 0. Default:
;ssl_fips_mode=1

[logging]
; Logging verbosity: 0 (no debug messages), 1 (essentials), 2 (verbose with more impact on performance).
; This option should always be 0 under normal operating conditions. Default:
;debug_level=0

; Frequency to print agent dynamic information in minutes. Default:
;stats_period=15

[winlog|section_name]
channel=event_channel_name

Additional Information

Release notes

Configuring the agent in Windows

Powered by Wolken Software