VMware

vRealize Log Insight log forwarding to syslog server (only user activity's/Audit logs)

Leave a comment
This post was originally published on this site

Log in (SSH) to Log Insight with root user:

 

#cd /var/lib/loginsight-agent/

 

Open liagent.ini file and press “i” and move to end of the file

 

#vim liagent.ini

 

[filelog|runtime-log]

 

directory=/storage/var/loginsightinclude=runtime.log;runtime.log.*

 

[filelog|loginsight-config]

 

directory=/storage/core/loginsight/config

 

include=loginsight-config.xml*

 

/storage/var/loginsight/audit.log

 

 

[filelog|audit-log]

 

directory=/storage/var/loginsight/audit.log

 

include=audit.log;audit.log.*

include=runtime.log;runtime.log.*

 

[server]

 

hostname=10.1.9.71 #syslog server IP Address

;

proto=syslog    #Protocol type

;

port=10065    #port number

;

 

#wq!    # save the file

 

## reboot log insight.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.