Logs are not sent to vRealize Log Insight after vRealize Operations 6.7 upgrade
search cancel

Logs are not sent to vRealize Log Insight after vRealize Operations 6.7 upgrade

book

Article ID: 312260

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • vRealize Operations Manager 6.6.x or earlier is configured to send logs to vRealize Log Insight.
  • vRealize Operations Manager stopped sending log to vRealize Log Insight after upgrading to vRealize Operations Manager 6.7.
  • Disconnected states are seen under Administration > Agents in vRealize Log Insight.
  • On the vRealize Operation Manager appliances in /var/log/loginsight-agent/liagent_postfixdate.log you see error similar to:
2018-04-13 22:01:03.857183 0x00007f35767e4700 <trace> CFApiTransport:128 | Re-connecting to server <vrli_hostname>:9543
2018-04-13 22:01:04.369116 0x00007f35767e4700 <warng> SSLVerifyContex:160| Certificate pre-verify error = 19 while trying connect to '<vrli_hostname>'. self signed certificate in certificate chain
2018-04-13 22:01:04.371109 0x00007f35767e4700 <error> CurlConnection:781 | Transport error while trying to connect to '<vrli_hostname>': Peer certificate cannot be authenticated with given CA certificates
2018-04-13 22:01:04.371211 0x00007f35767e4700 <trace> CFApiTransport:108 | DoConnectJob [Postpone connection by 250 sec]


Environment

VMware vRealize Operations Manager 7.5.x
VMware vRealize Log Insight 4.0.x
VMware vRealize Operations Manager 7.0.x
VMware vRealize Operations Manager 6.7.x
VMware vRealize Log Insight 4.x
VMware vRealize Log Insight 4.6.x
VMware vRealize Log Insight 4.3.x
VMware vRealize Log Insight 4.5.x

Cause

vRealize Operations Manager 6.6.1 and earlier had the vRealize Log Insight 3.6 agent pre-installed.
This version of the agent defaults to a non-secure connection back to vRealize Log Insight, so an empty ssl value is considered as ssl=no.

When vRealize Operations Manager is upgraded to version 6.7, the vRealize Log Insight agent is upgrade to version 4.5
The new versions of the agent defaults to a secured communication to vRealize Log Insight, and an empty value of ssl is considered as ssl=yes.

Resolution

To resolve this issue, explicitly set the configuration information for Log Forwarding.
  1. Log into the vRealize Operations Manager UI as admin.
  2. Navigate to Administrations > Management > Log Forwarding.
  3. Set the configuration to the following:

Host: log_insight_address
Port: 9000
Use SSL: unchecked
Certificate path: leave blank
Protocol: cfapi

Note: Replace log_insight_address with the IP/FQDN of the vRealize Log Insight instance.
The Port option can be changed if a custom port is required in your environment.

  1. Check the desired log sections under Forwarded Logs.


Additional Information

If the SSL information has been explicitly set before the vRealize Operations Manager 6.7 upgrade by manually editing the liagent.ini file, or from Administration > Support > Logs, the logs should continue to send after the upgrade.
However, it is recommended to re-save the configuration from the Administration > Management > Log Forwarding page.

Powered by Wolken Software