Unable to collect vIDM user authentication logs via Aria Operations for Logs content pack

Article ID: 437106

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • User authentication logs (e.g., login success and failure events) are not collected from the VMware Identity Manager (vIDM) instance in VMware Aria Operations for Logs.
  • vIDM agents do not appear in the Agents menu on the Management tab within the VMware Aria Operations for Logs UI.

Environment

VMware Identity Manager 3.3.7

Aria Operations for Logs 8.18.x

Cause

The VMware Aria Operations for Logs agent is not installed by default on the vIDM appliance. Additionally, the default agent configuration often lacks the required parameters to establish a connection with the central server.

Resolution

To resolve this issue, manually install the agent on the vIDM nodes and update the configuration parameters.

1. Install the Agent

  1. Transfer the VMware Aria Operations for Logs agent RPM package to each of your vIDM cluster nodes.
  2. Install the agent package on each node by running the following command: rpm -i <package_name>.rpm 

2. Configure the Agent

  1. Open the liagent.ini file for editing at /var/lib/loginsight-agent.
  2. Verify the target hostname is configured and add or enable the following parameters for encrypted log ingestion:
    • proto=cfapi
    • port=9543
    • ssl=yes
    • ssl_accept_any=yes
    • central_config=yes 
  3. (Optional) For unencrypted log ingestion, use:
    • proto=cfapi
    • port=9000
    • ssl=no
    • central_config=yes 
  4. Save the changes to the liagent.ini file.

3. Restart and Verify

  1. Restart the agent service: service liagentd restart 
  2. Log in to the VMware Aria Operations for Logs UI.
  3. Navigate to Management > Agents to verify the vIDM agents are communicating.
  4. Apply the VMware Identity Manager (formerly Workspace ONE) agent template to push the full configuration to the vIDM agents.
  5. Confirm that the liagent-effective.ini file on the nodes is updated and verify that authentication events are being collected.
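
A pre-restart check for step 2, as an added example (not from the article or the vendor): it reads liagent.ini and reports which of the encrypted-ingestion values are missing or still commented out. It assumes the parameters live in the file's [server] section and runs against constructed sample files with a placeholder hostname; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit liagent.ini against the article's encrypted profile.
# Assumption: the parameters live in the [server] section; ';' or '#' starts a comment.

# Print KEY's value from the [server] section of FILE (empty if unset/commented).
server_value() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_server = ($0 ~ /^[ \t]*\[server\]/); next }
        in_server && $0 !~ /^[ \t]*[;#]/ && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Return 0 when FILE matches the encrypted-ingestion settings, 1 otherwise.
check_liagent() {
    local file="$1" rc=0 pair key want got
    [ -n "$(server_value "$file" hostname)" ] || { echo "MISSING hostname"; rc=1; }
    for pair in proto=cfapi port=9543 ssl=yes central_config=yes; do
        key="${pair%%=*}"; want="${pair#*=}"
        got="$(server_value "$file" "$key")"
        [ "$got" = "$want" ] || { echo "MISMATCH $key: want $want, got ${got:-unset}"; rc=1; }
    done
    # With ssl_accept_any=yes the agent accepts any certificate the server presents.
    [ "$(server_value "$file" ssl_accept_any)" != "yes" ] ||
        echo "NOTE ssl_accept_any=yes: server certificate is not validated"
    return "$rc"
}

# Constructed sample files (hostname is a placeholder, not from the article).
SAMPLE_DIR="$(mktemp -d)"
printf '%s\n' '[server]' 'hostname=logs.example.test' ';proto=cfapi' ';port=9543' \
    ';ssl=yes' > "$SAMPLE_DIR/default.ini"
printf '%s\n' '[server]' 'hostname=logs.example.test' 'proto=cfapi' 'port=9543' \
    'ssl=yes' 'ssl_accept_any=yes' 'central_config=yes' > "$SAMPLE_DIR/fixed.ini"

check_liagent "$SAMPLE_DIR/default.ini" || true   # reports the four unset values
check_liagent "$SAMPLE_DIR/fixed.ini"             # prints only the ssl_accept_any note
```

On a vIDM node, call check_liagent with the path to the liagent.ini file under /var/lib/loginsight-agent; a non-zero exit status means at least one value from step 2 is not in effect.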