VMware Cloud Community
JosePerez99
Contributor
Contributor
‎06-01-2023 03:19 PM
Jump to solution

securely forward vRealize Operations logs to a syslog server

Hello everyone, I need your help to solve a problem

I need to forward logs to an external server from vROps, the problem is that I can't understand which port or which protocol I have to use to be able to do it, when sending these logs I need them to be sent securely (SSL) could someone guide me on this please?

I attach a screenshot of the 2 protocols that appear to me and the ports.

JosePerez99_0-1685657911683.pngJosePerez99_1-1685657929073.pngThank you very much in advance for everything.

0 Kudos
1 Solution

Accepted Solutions
Shen88
Hot Shot
Hot Shot
‎06-01-2023 03:36 PM
Jump to solution

@JosePerez99,

Please refer this log forwarding URL where it clearly outlines that either using CFAPI with 9543 or Syslog with 6541 ensures the data is sent securely. In terms of choosing between these 2 protocols be are that syslog uses UDP, TCP, TCP+SSL, whereas CFAPI is the VMware Aria Operations for Logs native ingestion protocol over HTTP or HTTPS.

Also, below comparision might help.

  • CFAPI — Events are sent in their original format to VMware Aria Operations for Logs using cfapi. Events sent over cfapi do not have to follow the guidelines of a syslog event and are not modified to comply with the syslog RFC.
  • Syslog — VMware Aria Operations for Logs can ingest data from any source via syslog. Just set the VMware Aria Operations for Logs server as your syslog destination.
If you think your queries have been answered, Mark this response as "Correct" or "Helpful" and consider giving kudos to appreciate!

Regards,
Shen

View solution in original post

0 Kudos
1 Reply
Shen88
Hot Shot
Hot Shot
‎06-01-2023 03:36 PM
Jump to solution

@JosePerez99,

Please refer this log forwarding URL where it clearly outlines that either using CFAPI with 9543 or Syslog with 6541 ensures the data is sent securely. In terms of choosing between these 2 protocols be are that syslog uses UDP, TCP, TCP+SSL, whereas CFAPI is the VMware Aria Operations for Logs native ingestion protocol over HTTP or HTTPS.

Also, below comparision might help.

  • CFAPI — Events are sent in their original format to VMware Aria Operations for Logs using cfapi. Events sent over cfapi do not have to follow the guidelines of a syslog event and are not modified to comply with the syslog RFC.
  • Syslog — VMware Aria Operations for Logs can ingest data from any source via syslog. Just set the VMware Aria Operations for Logs server as your syslog destination.
If you think your queries have been answered, Mark this response as "Correct" or "Helpful" and consider giving kudos to appreciate!

Regards,
Shen
0 Kudos