Been experimenting with the vCenter Log Insight beta and have all the devices capable of sending syslog sending it to the Log Insight appliance. Pretty cool stuff. However, I deal a lot with Horizon View connection servers and their various logs, and given the ability of Log Insight to ferret out and find details in logs, I thought it would be great to pipe the View logs in to Log Insight for digestion.
Turns out this is pretty simple using Datagram SyslogAgent which not only can send Windows event logs, it can also follow any text log file and pipe it to a remote Syslog server. The great thing is the agent is free and a breeze to install.
Simply download the zip and extract it someplace permanent (Program Files), then run the SyslogAgentConfig.exe utility. Install the service, enter the syslog server IP and port, enable forwarding of event logs if you like, and then enable forwarding of application logs. I created two application log entries – pcoip and Vmware View, as they are in different folders. Editing one allows you to choose the directory and parsing options:
I used the ‘Suggest Settings’ button which will parse the files and determine the appropriate options.
Once done, just start the service and watch syslog data flow to your syslog server!
Also super handy, the settings are stored in the registry which can be exported to other View servers to make installation and configuration a snap. Just export “HKEY_LOCAL_MACHINE\SOFTWARE\Datagram\SyslogAgent” and its child keys, delete the “LastRun” entry from the .reg file and then import the .reg file to the other hosts, then run SyslogAgentConfig.exe which will show the copied configuration. Install and start the service.