This page shows you how to configure log collection for VMware vRealize Log Insight and then forward your logs to Sumo Logic. VMware vRealize Log Insight is a log management and analytics tool.
Before configuring log collection for vRealize, you must have completed the following:
Installed and configured vRealize Log Insight to retrieve logs from vCenter and ESXi hosts.
Installed a Sumo Logic collector on a VM (or an external machine), or set up rsyslog or syslog-ng. Whichever you use must be configured and reachable from the vRealize Log Insight host. To install a Sumo Logic collector, follow the Installed Collectors instructions.
Setting up vRealize Log Insight log collection
These instructions apply to vRealize Log Insight 8.0 and may differ for earlier versions.
To set up vRealize Log Insight log collection for Sumo Logic, do the following:
Log in to the vRealize Log Insight UI and navigate to Management > Event Forwarding.
Add a new connection by clicking New Destination.
In the Edit Destination dialog, specify the following information. Optionally, you can also add tags and filter the events in this dialog.
Test and Save the connection.
Verify that the logs arrive in Sumo Logic. The following is a sample log message from vRealize forwarded events.
<167> 2019-12-15T13:08:16.441Z esxi1.esxlab.com Rhttpproxy: verbose rhttpproxy
[Originator@6876 sub=Proxy Req 07995] Resolved endpoint :
[N7Vmacore4Http16LocalServiceSpecE:0x000000bef0b83650] _serverNamespace = /sdk action = Allow _port = 8307
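To check that forwarded events arrive intact, the sample message above can be parsed into its syslog priority, timestamp, host, application and key/value fields. The following Python is an added example, not part of the original page or of Sumo Logic or VMware tooling. It assumes the three lines shown above are one syslog record, and the name parse_forwarded_event is hypothetical.

```python
import re
from datetime import datetime, timezone

# Sample message from this page, joined into one record (assumption: the line
# breaks shown on the page are display wrapping, not separate events).
SAMPLE = ("<167> 2019-12-15T13:08:16.441Z esxi1.esxlab.com Rhttpproxy: verbose rhttpproxy\n"
          "[Originator@6876 sub=Proxy Req 07995] Resolved endpoint :\n"
          "[N7Vmacore4Http16LocalServiceSpecE:0x000000bef0b83650] "
          "_serverNamespace = /sdk action = Allow _port = 8307")

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
HEADER = re.compile(r"^<(\d{1,3})>\s*(\S+)\s+(\S+)\s+([^:\s]+):\s*(.*)$")
KEY_VALUE = re.compile(r"(\w+) = (\S+)")  # matches pairs such as "action = Allow"


def parse_forwarded_event(record):
    """Return a dict of parsed fields, or None if the record is not valid."""
    text = " ".join(record.split())  # collapse wrapped lines and extra spaces
    match = HEADER.match(text)
    if match is None:
        return None
    pri, stamp, host, app, message = match.groups()
    pri = int(pri)
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    try:
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%fZ")
    except ValueError:
        return None
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    name = f"local{facility - 16}" if 16 <= facility <= 23 else str(facility)
    return {
        "facility": name,
        "severity": SEVERITIES[severity],
        "timestamp": when.replace(tzinfo=timezone.utc),
        "host": host,
        "app": app,
        "fields": dict(KEY_VALUE.findall(message)),
    }


if __name__ == "__main__":
    for key, value in parse_forwarded_event(SAMPLE).items():
        print(f"{key}: {value}")
```

A record that returns None here, or a host or timestamp that does not match the originating ESXi host, indicates truncation or rewriting somewhere between vRealize Log Insight and the collector.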