This page shows you how to configure log collection for VMware vRealize Log Insight and then forward your logs to Sumo Logic. VMware vRealize Log Insight is a log management and analytics tool.
Before configuring log collection for vRealize, you must have completed the following:
Installed and configured vRealize Log Insight to retrieve logs from vCenter and ESXi hosts.
Installed a Sumo Logic collector on a VM (or an external machine), or rsyslog or syslog-ng, must be configured and reachable from the vRealize Log Insight host. To install a Sumo Logic collector, follow the instructions on this page.
Setting up vRealize Log Insight log collection
To set up vRealize Log Insight log collection for Sumo Logic, do the following:
- Log in to vRealize Log Insight UI, and navigate to Management > Event Forwarding.
- Add a new connection by clicking New Destination.
- In the Edit Destination dialog, specify the following information. Optionally, you can also add additional tags and also filter the events on this popup.
- Test and Save the connection.
- Verify logs in Sumo Logic. The following is a sample log message of vRealize forwarded events.
<167> 2019-12-15T13:08:16.441Z esxi1.esxlab.com Rhttpproxy: verbose rhttpproxy [Originator@6876 sub=Proxy Req 07995] Resolved endpoint : [N7Vmacore4Http16LocalServiceSpecE:0x000000bef0b83650] _serverNamespace = /sdk action = Allow _port = 8307