Forwarding Events from vRealize Log Insight

vRealize Log Insight Forwarding and Filtering

I have written a few articles on vRLI so far; see the links at the bottom of this page.

This article covers forwarding events from vRealize Log Insight to a third-party syslog server and filtering them.

The use case for doing this is that vRLI is being used by the cloud admin for troubleshooting and monitoring purposes, but the organisation has a security team which requires that all security logs be forwarded to their system. This is fairly common in large enterprises that use Splunk or other tools to collect logs across all systems.

From the Log Insight console, click the drop-down menu, then Administration, Event Forwarding, and then New Destination, as shown below:

You then need to give the Destination a Name, enter the host, and select your protocol.

Note that above I have entered a filter to send only events whose Channel field equals “security”.

Clicking “Run in Interactive Analytics” will show you all the past events that match the filter and would be forwarded:

The new forwarder then looks like this:

See my other posts on vRealize Log Insight:

Deploying and Configuring vRealize Log Insight

Adding Slave Nodes & Configuring a Cluster

Integrating vROps and vRLI

Configuring NSX to send logs to vRLI