forked from pivotal-cf/docs-pks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
_vrealize-logs.html.md.erb
19 lines (19 loc) · 3.35 KB
/
_vrealize-logs.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
You can manage logs using [VMware vRealize Log Insight (vRLI)](https://www.vmware.com/products/vrealize-log-insight.html). The integration pulls logs from all BOSH jobs and containers running in the cluster, including node logs from core Kubernetes and BOSH processes, Kubernetes event logs, and POD stdout and stderr.
<p class="note"><strong>Note</strong>: Before you configure the vRLI integration, you must have a vRLI license and vRLI must be installed, running, and available in your environment. You need to provide the live instance address during configuration. For instructions and additional information, see the <a href="https://docs.vmware.com/en/vRealize-Log-Insight/index.html">vRealize Log Insight documentation</a>.</p>
By default, vRLI logging is disabled. To enable and configure vRLI logging, under **Enable VMware vRealize Log Insight Integration?**, select **Yes** and then perform the following steps:
1. Under **Host**, enter the IP address or FQDN of the vRLI host.
1. (Optional) Select the **Enable SSL?** checkbox to encrypt the logs being sent to vRLI using SSL.
1. Choose one of the following SSL certificate validation options:
* To skip certificate validation for the vRLI host, select the **Disable SSL certificate validation** checkbox. Select this option if you are using a self-signed certificate in order to simplify setup for a development or test environment.
<p class="note"><strong>Note</strong>: Disabling certificate validation is not recommended for production environments.</p>
* To enable certificate validation for the vRLI host, clear the **Disable SSL certificate validation** checkbox.
1. (Optional) If your vRLI certificate is not signed by a trusted CA root or other well known certificate, enter the certificate in the **CA certificate** field. Locate the PEM of the CA used to sign the vRLI certificate, copy the contents of the certificate file, and paste them into the field. Certificates must be in PEM-encoded format.
1. Under **Rate limiting**, enter a time in milliseconds to change the rate at which logs are sent to the vRLI host. The rate limit specifies the minimum time between messages before the fluentd agent begins to drop messages. The default value (0) means the rate is not limited, which suffices for many deployments.
<p class="note"><strong>Note</strong>: If your deployment is generating a high volume of logs, you can increase this value to limit network traffic. Consider starting with a lower number, such as 10, and tuning to optimize for your deployment. A large number might result in dropping too many log entries.</p>
1. To enable clusters to drain app logs to sinks using `syslog://`, select the **Enable Sink Resources** checkbox.
For more information about using sink resources,
see [Creating Sink Resources](create-sinks.html).<br>
<img src="images/sink-resource.png" width="360" alt="Enable sink resource checkbox">
1. Click **Save**. These settings apply to any clusters created after you have saved these configuration settings and clicked **Apply Changes**. If the **Upgrade all clusters errand** has been enabled, these settings are also applied to existing clusters.
<p class="note"><strong>Note</strong>: The PKS tile does not validate your vRLI configuration settings. To verify your setup, look for log entries in vRLI.</p>