Yes, I know this topic is a bit “meta”, as the kids would say. 🙂
I wanted to share a quick tip on how to monitor the log files of the Log Insight agent itself (by default located in C:\ProgramData\VMware\Log Insight Agent\log\liagent_*.log on Windows OS).
This log file contains a lot of good information on the health and configuration (changes) on the agent, so it’s a good practice to get it sent to the LI server along with all the other logs that the agent is collecting in the servers. This way we can do central monitoring, querying, alerting and all the other LI things that we know and love.
To get the LI agent log collected, follow the instructions below:
- Log in to LI and go to Administration -> Agents
- Create a new Agent Group called for example “Windows Machines”
- Set a filter of “OS – starts with – Microsoft Windows” to filter out only Windows machines.
- Create a new section for File Logs called for example “Log_Insight_Agent”
- Fill in the fields:
- Directory: “C:\ProgramData\VMware\Log Insight Agent\log”
- Include files: “liagent_*.log”
- (Fill in additional fields to make the log parsing better – need to research this more closely)
- Click “Save Agent Group” at the bottom of the page
- Go to the interactive analysis and make sure you can find the liagent_*.log log data.
Now you can follow up what happens when you update your agent configuration, for example when adding new log files to be collected. In the example below, I tried collecting c:\windows\windowsupdate.log, but intentionally made a spelling error, and the LI agent log nicely picks up that error:
I corrected the spelling error and reapplied the agent config, and now we can see that the windowsupdate.log is being collected properly without any error messages:
We could also add event markers, tags and other fun things to this configuration, but that’s for a later blog post.