Friday, 24 June 2016

Configure Syslog For VDP Appliance

So you want to forward VDP logs to a syslog server? Okay. Is it supported officially? No, VDP does not support forwarding its logs to a different machine or a log solution. Is a workaround available? Yes.

The VDP appliance is based on a SUSE box and we have the syslog-ng file which can be used to configure remote syslog for this machine.

In my lab, I have a VDP 6.1.2 appliance which is configured to a 6.0 U2 vCenter Server. The syslog collector solution I have here is VMware vRealize Log Insight. 

So how do we achieve this?

1. So William Lam has written a script which can be used to configure syslog for various VMware products. We will be using that script to configure syslog for VDP Server. Download the script from this link here.

2. So once this shell script is downloaded, copy this file into your VDP appliance root directory or /tmp directory. I used WinSCP to move this file to the appliance. 

3. Run the script using the below format:
# ./configurevCloudSuiteSyslog.sh vdp <Remote-Syslog-IP>

4. Once this command is executed browse to the following directory to view the syslog-ng configuration file.
# cd /etc/syslog-ng
#less syslog-ng.config 

5. The end of the file will have these lines appended:

# Configured using vCloud Suite Syslog Configuration Script by William Lam
source vdp {
       file("/space/avamar/var/log/av_boot.rb.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/space/avamar/var/log/dpnctl.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/space/avamar/var/log/dpnnetutil-av_boot.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamar/var/log/dpnctl.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamar/var/log/av_boot.rb.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamar/var/log/av_boot.rb.err.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamar/var/log/dpnnetutil-av_boot.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamar/var/avi/server_log/flush.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamar/var/avi/server_log/avinstaller.log.0" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamar/var/vdr/server_logs/vdr-server.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamar/var/vdr/server_logs/vdr-configure.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamar/var/flr/server_logs/flr-server.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/data01/cur/err.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamarclient/bin/logs/VmMgr.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamarclient/bin/logs/MountMgr.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamarclient/bin/logs/VmwareFlrWs.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
       file("/usr/local/avamarclient/bin/logs/VmwareFlr.log" log_prefix("vdp: ") follow_freq(1) flags(no-parse));
};

# Remote Syslog Host
destination remote_syslog {
      udp("192.168.10.6" port (514));

};

log {
        source(vdp);
        destination(remote_syslog);
};

The port used here is UDP and the IP 192.168.10.6 is my Log Insight server IP, this will of course vary for you. 

6. Over to the Log Insight, Under the Hosts section, you can see my VDP section added:


7. When I click vdpnew (Hostname of my VDP appliance), I see the logging being available:



Well, that's pretty much it. Just a workaround, not officially supported though.