VMware Cloud Community
quincunx5
Contributor

Sending logs to syslog server and snmp

Hi all

We recently have put in over a dozen vCloud Usage Meters (UM) globally to monitor our license usage and compliance.

As part of this day and age, there naturally is more focus on security so we would like to monitor what is occurring on these virtual appliances.

Normally, this would be in the form of configuring syslog on the device to point to our syslog-ng servers and using SNMP traps for alerts (at a basic level).

From reading the docs, speaking to the local VMware rep, etc., they said it isn't achievable and the only way to view the logs is via the web frontend (with the messages at the top - easily cleared) or by manually creating a support bundle package, which is cumbersome.

However, I'm not convinced: given it sits on a SLES 12 core with Apache, Tomcat, Postgres and sendmail modules included, this should be achievable.

By digging around further and doing a brief amount of research, I believe that it should be possible to send to a syslog server, as it uses the standard Apache log4j framework.

In the vCloud Usage Meter 3.6 manual, page 57 mentions making edits to the file /usr/share/tomcat/webapps/um/WEB-INF/classes/log4j.properties, which governs the logging behavior.

When I look at https://kb.vmware.com/s/article/2004564 (Enabling Centralized Logging in VMware vCloud Director (2004564)), it has a whole section on editing the log4j.properties in the $VCLOUD_HOME/etc directory and mentions adding a few extra lines to that file to enable centralized logging by adding a new SyslogAppender that transmits log messages that are INFO-level or above.

So, given the above, are we able to perform a workaround with this, given the similarities between the VMware suite and use of the underlying Apache log4j system?

Are the class names etc. in the above vCloud Director KB valid for re-use in UM, i.e. log4j.appender.vcloud.system, or do they need tweaking to something else like log4j.appender.rootRoll? (Sorry - not familiar with the syntax.)

Obviously, there are caveats as well, i.e. if you upgrade / redeploy the appliance these will be lost - which we are comfortable with.

Our security folks are mandating that each device has to have some sort of centralized logging capability, otherwise they won't approve it.

We also want to do monitoring via SNMP / Zenoss; a previous thread from over 3 years ago ("Install SNMP on UM 3.2") has mixed results,

i.e. adding the line "snmpd: ALL : ALLOW" to the /etc/hosts.allow file using vi.

The other solution was to add packages from the standard SLES distro, but I thought that was disallowed, as additions to OVF virtual appliances are frowned upon.

Thanks in advance for your help / guidance

Regards

Richard

Melbourne, Australia
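As an added example (not part of the original post and not VMware's code), here is a small audit check that a security team could run over each appliance's log4j.properties to confirm a SyslogAppender is actually attached to the root logger. It assumes log4j 1.x properties syntax; "umSyslog", the host name and both sample configs are constructed for illustration.

```python
SYSLOG_CLASS = "org.apache.log4j.net.SyslogAppender"
PREFIX = "log4j.appender."

def parse_properties(text):
    """Minimal key=value parser (no line continuations or ':' separators)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def syslog_findings(text):
    """Return a list of problems; an empty list means syslog forwarding is wired up."""
    props = parse_properties(text)
    # rootLogger is "<level>, <appender>, <appender>..."; appender names are
    # arbitrary labels, so resolve each one to its class instead of trusting the name.
    names = [n.strip() for n in props.get("log4j.rootLogger", "").split(",")[1:]]
    attached = [n for n in names if props.get(PREFIX + n) == SYSLOG_CLASS]
    if not attached:
        orphans = sorted(k[len(PREFIX):] for k, v in props.items()
                         if k.startswith(PREFIX) and v == SYSLOG_CLASS)
        if orphans:
            return ["SyslogAppender defined but not on rootLogger: " + ", ".join(orphans)]
        return ["no SyslogAppender attached to log4j.rootLogger"]
    findings = []
    for name in attached:
        # SyslogHost is mandatory; a layout keeps the message format predictable.
        for prop in ("SyslogHost", "layout"):
            keys = (PREFIX + name + "." + prop, PREFIX + name + "." + prop[0].lower() + prop[1:])
            if not any(props.get(k) for k in keys):
                findings.append("%s: %s is not set" % (name, prop))
    return findings

# Constructed samples: "rootRoll" is the name from the post; "umSyslog" and the host are made up.
FILE_ONLY = """
log4j.rootLogger=INFO, rootRoll
log4j.appender.rootRoll=org.apache.log4j.RollingFileAppender
"""
WITH_SYSLOG = FILE_ONLY.replace("INFO, rootRoll", "INFO, rootRoll, umSyslog") + """
log4j.appender.umSyslog=org.apache.log4j.net.SyslogAppender
log4j.appender.umSyslog.SyslogHost=syslog.example.internal
log4j.appender.umSyslog.Threshold=INFO
log4j.appender.umSyslog.layout=org.apache.log4j.PatternLayout
log4j.appender.umSyslog.layout.ConversionPattern=%d %-5p [%c] %m%n
"""

if __name__ == "__main__":
    for label, cfg in (("file only", FILE_ONLY), ("with syslog", WITH_SYSLOG)):
        print(label, "->", syslog_findings(cfg) or "ok")
```

Because the check resolves appenders through the rootLogger line, it also handles dotted appender names, and it can be re-run after an upgrade or redeploy to catch the edit being lost.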
