You need to configure log forwarding from various VMware Cloud Foundation (VCF) components (Operations, Automation, NSX, vSAN, Fleet Manager, and SDDC Manager) to a newly deployed VCF Operations for Logs 9.0.1 cluster.

• VCF Operations for Logs 9.0.x
• VCF Operations 9.0.x
• VMware Cloud Foundation 9.0.x

Newly deployed VCF Operations for Logs clusters do not automatically ingest logs from all external VCF components. Explicit manual and automated configurations are required within each respective component's UI or via centralized management interfaces to successfully establish comprehensive log forwarding.

Complete the following steps in order to configure log forwarding for each VCF component:

1. Configure SDDC Manager log forwarding
   • Download the deploy_vcf_ops_logs_agent.sh script from KB - Deploy and configure "VCF operations for logs" 9.0 agent in SDDC Manager.
   • Run the script as root as described in the KB: /bin/bash deploy_vcf_ops_logs_agent.sh <VCF_ops_logs_FQDN>
     
     NOTE: Replace <VCF_ops_logs_FQDN> with the fully qualified domain name of the VCF Operations for Logs appliance
     
     
2. Configure Fleet Management log forwarding
   • Log into the VCF Operations UI.
   • Navigate to Fleet Management > Lifecycle > VCF Management.
   • Click the Settings tab and select Logs on the left menu.
   • Under the Agent Configuration, set Hostname to the Logs VIP.
   • Select your preferred Server Protocol and Port:
     • operations-logs (CFAPI): Recommended. Proprietary ingestion API that supports local buffering, compression, and encryption. Ensure port 9000 (cleartext) or 9543 (SSL) is open on your firewall between the appliance and the Logs VIP.
     • SYSLOG: Standard logging protocol. Ensure port 514 (UDP/TCP), 1514 (UDP), or 6514 (SSL over TCP) is open on your firewall between the appliance and the Logs VIP.
   • If using SSL, check the Secure Communication (SSL) box, and check Accept Any (if using self-signed certificates).
   • Click SAVE.
     
     
3. Configure VCF Suite log forwarding (Operations, Automation, Networks, Identity Broker)
   • In the VCF Operations UI, navigate to Infrastructure Operations > Configurations > Log Collection.
   • Edit the configurations to activate log collection for the VCF Operations and VCF Automation environments.
   • Note: If installed via Fleet Management, Operations for Networks and VCF Identity Broker log forwarding can also be activated automatically from this menu.
     
     
4. Configure ESXi Host log forwarding
   • In the VCF Operations UI, navigate to Infrastructure Operations > Configurations > Log Collection.
   • Expand the vCenter section.
   • Click the ellipses next to the management vCenter and select Edit.
   • Check Activate for ESX Logs if it is not already checked.
   • Verify that Collect Logs directly in Logs Cluster is set to the Log Cluster VIP/FQDN to ensure proper load balancing.
   • Save the configuration.
   • Note: When adding more vCenter Servers or a Workload Domain VC, ensure the VC/VCF adapter has Activate Log Collection checked when configuring the adapter under Administration > Integrations.
     
     
5. Configure NSX log forwarding
   • In the NSX Manager UI, navigate to System > Fabric > Profiles > Node Profiles.
   • Edit the All NSX Nodes profile and add the Logs VIP as a Syslog server.

As additional VCF 9 components are onboarded, monitor the overall log ingestion rate. Utilize the sizing tool to calculate exact requirements and review the sizing guidelines to prevent performance degradation or dropped logs.

• SDDC Manager: Deploy and configure "VCF operations for logs" 9.0 agent in SDDC Manager
• NSX: Add Syslog Servers for NSX Nodes (NSX 9.0)
• NSX: Configure All NSX Nodes to Forward Logs (VCF 9.x)
• Architecture: Centralized Log Collection Architecture
• Sizing & Capacity: VCF Operations 9.0 Sizing Guidelines (KB 397782)
• Monitor VCF Logs: Check the Health of the VCF Operations for logs Virtual Appliance (page 118)
• Sizing Tool: VCF Operations for Logs Sizer Tool