Configuring a Cumulus Switch to Send syslog info to vRealize Log Insight

Log Insight is a so much more than a syslog collector, however this post focuses on how to export syslog files from a Cumulus switch.  Today, it doesn’t appear so though Cumulus has a content pack for Log Insight but you may want to check the VMware Solution Exchange.  Until then syslog must be manually configured to export log files.  Fortunately the process is relatively straightforward.

The following steps must be completed:

1. The  switch will need an IP Address on the network where the Log Insight collector is located, this can be done by editing the /etc/network/interfaces file.   You can use cat, nano, or vi to verify that the switch has an interface on the same network as the Log Insight collector.

auto br-rack.3100
iface br-rack.3100
address 192.168.16.1/24

2. If you had to manually add an IP address, the networking service on the Cumulus switch must be restarted using the command service networking restart

3. After successfully restarting networking attempt to ping the IP address of the Log Insight server, in my environment it is 192.168.16.7
Note: Optionally you may wish to establish a Telnet session to verify that you can reach the syslog server.  To do so type telnet 192.168.16.7:514

4. Next configure syslog by creating a file named /etc/rsyslog.d/90-remotesyslog.conf and add the following content:

## Copy all messages to the Log Insight server at 192.168.16.7 port 514
*.*                             @192.168.16.7:514

5. We also want to ship switchd logs to the syslog server by creating a file named /etc/rsyslog.d/24-switchd.conf
## Logging switchd messages to Log Insight
$ModLoad imfile
$InputFileName /var/log/switchd.log
$InputFileStateFile logfile-log
$InputFileTag switchd:
$InputFileSeverity info
$InputFileFacility local7
$InputFilePollInterval 5
$InputRunFileMonitor

if $programname == ‘switchd’ then @192.168.16.7:514

6. You may also find it useful to log information for clagd.  I created a file named 20-clagd.conf and added the following

## Logging clagd messages to Log Insight
:programname, isequal, “clagd” -/var/log/clagd.log

7. When finished type service rsyslog restart

8. Next go log in to Log Insight, the default user name is admin.

9. Click on the Interactive Analytics button and filter by source (192.168.16.1), if it has been successfully configured you should see several events from the switch.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s