vCenter

 View Only
  • 1.  vCenter VCSA Syslog Console Commands to LogInsight

    Posted Jan 18, 2023 02:13 PM

    Greetings all--

    I have vcsas & have LogInsight.  I have the vcsa's VAMI configured to send syslog to our LogInisght.  I've confirmed Im receiving vcenter-related events (ie, appname=vpxa, etc); however, I'm not seeing any of the vcsa appliance OS logs (like any bash/shell commands sent).  I see shell commands from our esx hosts-- just not the vcsas.

    Anyone know what additional setup is required for the OS itself?  Do I need something special in the syslog config or liagent.conf?

    Thanks in advance.



  • 2.  RE: vCenter VCSA Syslog Console Commands to LogInsight

    Posted Jan 18, 2023 03:33 PM

    It should be possible actually. Never had occasion to test it. 



  • 3.  RE: vCenter VCSA Syslog Console Commands to LogInsight
    Best Answer

    Posted Jan 18, 2023 03:45 PM

    Alright so I think I figured it out but I'll post here my solution for others and open it up to additional conversation.

    In a lab vcenter (7.x vcsa) and lab loginsight (8.10) environment I did the following:

    This is not an exact/details list of commands/steps-- just high level what I did...

    Log Insight > Management > Agents >
    Selected vSphere 7.0 - vCenter (Linux) agent template and copied it
    Reproduced the File Log "audit" section from the legacy "Linux - systemd" template into this new template (ie, added the /root/ directory and .bash_history sections with tag 'audit' & tag value 'bash_history'
    Downloaded Log Insight Agent Version 8.10.0 rpm
    Copied RPM to VCSA /tmp directory (used winscp)
    Installed liagent rpm file (rpm -i filename.rpm)


    That was it. Now I have all the bash_history commands of the vcsa sending to loginsight. Happy days.



  • 4.  RE: vCenter VCSA Syslog Console Commands to LogInsight

    Posted Jan 18, 2023 05:27 PM

    thx for hint. Will write it down to my onenote for future