VMware vRealize Automation 8.0 Logs

Reading time: 8 minutes

Over the past several years of using vRealize Automation 6.x and 7.x, I have generated numerous dashboards and search queries within Splunk to explore the log data generated by these products. Knowing that vRealize Automation 8.0 is an entirely new product compared to previous versions, I decided that it was time to begin reviewing the log data being generated by the appliance to determine what information could be obtained from the logs. This post will discuss the logging capabilities of vRealize Automation 8.0, as well as the data that can be collected by analyzing the logs.

How to Access the Logs

The ability to forward logs to a centralized log server is essential when attempting to operate a private cloud. Knowing that I need to get the log data from the vRealize Automation 8.0 appliance to my Splunk server, I began reading the vRealize Automation 8.0 documentation titled Working with logs in vRealize Automation. The documentation details two methods of obtaining log data from the virtual appliance. The first method provided is the ability to create on-demand log bundles similar to what we’ve been doing for years when opening technical support tickets with VMware. The second method provided is to forward the logs to a remote VMware Log Insight server.

Generating a Log Bundle

The generation of a log bundle is a simple process withing vRealize Automation 8.0 and is accomplished by utilizing the vracli command. To create a log bundle:

  1. SSH to the vRealize Automation appliance
  2. Issue the command vracli log-bundle
    (if you are running a clustered deployment, you only need to issue the command from one appliance)
  3. Copy the log bundle from the path where you executed the command

That’s all there is to it. Of course, some additional options and flags can be specified, but for the basic log bundle generation, the above is all you’ll need. If you’re curious about the additional options, you can find further information on the How do I work with logs and log bundles in vRealize Automation documentation page.

Forwarding Logs to a Remote Server

Forwarding the vRealize Automation 8.0 logs to a remote server is the option that most people will want to implement. While previous releases of vRealize Automation provided flexible forwarding options for remote log aggregation services, to my surprise, the vRealize Automation 8.0 appliance only supports the forwarding of logs using the VMware Log Insight (vRLI) API via HTTP/HTTPs POSTs.

To configure forwarding of log data to a vRLI deployment:

  1. SSH to the vRealize Automation appliance
  2. Issue the command vracli vrli {vRLI FQDN}

I found in my lab environment that all of my log entries showed up in vRLI with a source hostname of “symphony-logging-daemonset-vf8md” which matched the runtime name of the Kubernetes pod responsible for aggregating and managing vRealize Automation 8.0’s log data. While some log entries do include the vRA appliance FQDN in a field titled “host”, not all of the log entries include this field. Additionally, all log entries show a source IP address of “”. Because of the lack of a properly-identified source, determining the source of your vRealize Automation 8.0 logs in vRLI will be quite tricky.

What About Syslog?

VMware chose to implement remote logging withing vRealize Automation 8.0 using Fluentd. Having never heard of Fluentd, I decided to do a little reading and ran across the blog post titled Forwarding Kubernetes Logs to vRealize Log Insight via Fluentd. From this post, I learned that Fluentd is a popular choice for forwarding logs from Kubernetes environments. It is a powerful solution with many plugins to support multiple log input and output formats. Unfortunately, it appears that vRealize Automation 8.0’s implementation today only supports vRLI as the output type (no Syslog here). We can confirm the supported Fluentd output methods by checking the Fluentd plugins directory within the container. First, we need to determine the Name or ID of the container that runs Fluentd:

root@vlab-vra \[ ~ \]# docker ps | grep symphony
5edaa3595dff        60d42ba9520d        "/usr/bin/fluentd --…"   16 minutes ago      Up 16 minutes                           k8s\_symphony-logging-agent\_symphony-logging-daemonset-v2c5t\_prelude\_b4d585ad-3c01-11ea-ab84-0050569671c4\_9
2ffbb2970db5        vmware/pause:3.1    "/pause"                 6 hours ago         Up 6 hours                              k8s\_POD\_symphony-logging-daemonset-v2c5t\_prelude\_b4d585ad-3c01-11ea-ab84-0050569671c4\_3

Now that we have the ID of the Docker container executing Fluentd, we need to determine the --plugin option specified when the Fluentd service starts:

root@vlab-vra \[ ~ \]# docker exec -it 5edaa3595dff top 

Tasks: 5 total,   1 running,   4 sleeping,   0 stopped,   0 zombie
  Mem: 32945940K total, 25483480K used,  7462460K free,   461496K buffers
 Swap:         0 total,         0 used,         0 free,  7285928K cached
800%cpu  39%user   0%nice  25%sys 735%idle   0%iow   0%irq   1%sirq   0%host
   14 root         20   0 676M 147M  29M S  0.3   0.4   0:06.40 ruby -Eascii-8bit:ascii-8bit /usr/bin/fluentd --config /fluentd/etc/fluent.conf --plugin /fluentd/plugins --under-superv+
 1667 root         20   0  12M 5.8M 3.3M R  0.0   0.0   0:00.00 top
 1636 root         20   0  12M 5.8M 3.3M S  0.0   0.0   0:00.00 top
 1623 root         20   0  12M 3.8M 3.3M S  0.0   0.0   0:00.00 top
    1 root         20   0  90M  71M  10M S  0.0   0.2   0:00.70 ruby /usr/bin/fluentd --config /fluentd/etc/fluent.conf --plugin /fluentd/plugins

Finally, now that we know the path of where the Fluentd plugins are stored, we execute a directory lookup to see the available plugins:

root@vlab-vra \[ ~ \]# docker exec -it 5edaa3595dff ls /fluentd/plugins
http\_client.rb  out\_loginsight\_http.rb  out\_vmware\_log\_intelligence.rb

As you see from the directory listing, only three plugins are available in the appliance: HTTP, Log Insight, and vRealize Log Insight Cloud (formerly VMware Log Intelligence). The lack of Syslog support squashes any plans I have for implementing remote logging of vRealize Automation 8.0 to my Splunk deployment (at least not without a lot of effort to parse the HTTP POST data within Splunk). The only method I see available to me at the moment is to send the logs to vRLI first, and then have vRLI forward the data to my Splunk deployment.

Access Logs from the CLI

Often when troubleshooting an issue, it can be quite useful to view the logs on the console as a process is loading, or you are attempting an action in the web UI that fails. You can still accomplish this by interacting with Kubernetes. Each of the pods that make up the “prelude” namespace on the appliance can be queried for its logs. First, however, you need to know the name of the pod. The appliance contains the following pods:

abx-service-app, assessment-service-app, automation-ui-app, blueprints-ui-app, catalog-service-app, cgs-service, cgs-ui-app, cmx-service-app, codestream-app, consumer-ui-app, docker-registry, docker-registry-proxy, ebs-app, extensibility-ui-app, form-service-app, identity-service-app, identity-ui-app, migration-service-app, migration-ui-app, nginx-httpd-app, no-license-app, orchestration-ui-app, pgpool, pipeline-ui-app, postgres, project-service-app, provisioning-service-app, provisioning-ui-app, proxy-service, rabbitmq-ha, relocation-service-app, relocation-ui-app, symphony-logging-daemonset, tango-blueprint-service-app, tango-vro-gateway-app, terraform-service-app, user-profile-service-app, vco-app

If you know which service you want to view the logs from, you’ll next need to determine the runtime name of the Kubernetes pod that contains the service. To see the full list of running pods, you execute the following on the command line:

root@vlab-vra \[ / \]# kubectl -n prelude get pods
NAME                                          READY   STATUS    RESTARTS   AGE
abx-service-app-684468595b-mfcbx              1/1     Running   16         26d
assessment-service-app-5d5ff7b6f4-vlm54       1/1     Running   42         26d
automation-ui-app-74868745db-7zt8l            1/1     Running   10         26d
blueprints-ui-app-6b456495cb-t5qs2            1/1     Running   10         26d
catalog-service-app-69678557d5-9snc7          1/1     Running   27         26d
cgs-service-b57c4775c-qwr2m                   1/1     Running   41         26d
cgs-ui-app-7c87b58fb6-t2flr                   1/1     Running   10         26d
cmx-service-app-867d76dbfd-ph6kn              1/1     Running   13         26d
codestream-app-86b5b564bd-8w4h7               1/1     Running   46         26d
consumer-ui-app-9cf656775-fnx69               1/1     Running   10         26d
docker-registry-5bf9b47b68-glhwc              1/1     Running   13         26d
docker-registry-proxy-8cbgh                   1/1     Running   46         26d
ebs-app-59cd6c994b-shlqp                      1/1     Running   15         26d
extensibility-ui-app-6669df67cb-szdkb         1/1     Running   10         26d
form-service-app-5ccff5ff57-47l46             1/1     Running   41         26d
identity-service-app-759c68c8d-h68gt          1/1     Running   55         26d
identity-ui-app-558768574-2dnhq               1/1     Running   10         26d
migration-service-app-bb4c86989-ff55g         1/1     Running   41         26d
migration-ui-app-74cbb89796-vmvs7             1/1     Running   10         26d
nginx-httpd-app-6c7944648b-798jc              1/1     Running   10         26d
no-license-app-s4htq                          1/1     Running   10         26d
orchestration-ui-app-75c9fc6ccb-zx45f         1/1     Running   10         26d
pgpool-fd68cb474-smjmf                        1/1     Running   37         26d
pipeline-ui-app-f57c659cd-cf759               1/1     Running   10         26d
postgres-0                                    1/1     Running   10         26d
project-service-app-7477578845-lcskd          1/1     Running   14         26d
provisioning-service-app-787856d447-sfczl     1/1     Running   13         26d
provisioning-ui-app-9dc7dcd9d-vwlh5           1/1     Running   10         26d
proxy-service-tb6lv                           1/1     Running   10         26d
rabbitmq-ha-0                                 1/1     Running   10         26d
relocation-service-app-5bcd574d45-98xp4       1/1     Running   30         26d
relocation-ui-app-84697cb968-cb9vv            1/1     Running   10         26d
symphony-logging-daemonset-v2c5t              1/1     Running   13         14d
tango-blueprint-service-app-8b7f75f7d-rgt6n   1/1     Running   34         26d
tango-vro-gateway-app-59ff6cddfd-bvwrm        1/1     Running   34         26d
terraform-service-app-76757767cc-cxvb4        2/2     Running   20         26d
user-profile-service-app-74d6598975-s9xkz     1/1     Running   49         26d
vco-app-5857fdc55f-dmh8k                      2/2     Running   18         26d

Now that you have the runtime names for all of the pods, you’ll query the logs from the “rabbitmq-ha-0” pod.

root@vlab-vra \[ / \]# kubectl logs -n prelude rabbitmq-ha-0
total 20
drwxrwxrwx 5 root     root     4096 Feb  4 13:10 .
drwxr-xr-x 1 root     root     4096 Nov 27 14:40 ..
drwxrwxrwx 3 rabbitmq rabbitmq 4096 Feb  1 20:55 config
drwxrwxrwx 4 rabbitmq rabbitmq 4096 Feb  1 20:55 mnesia
drwxrwxrwx 2 rabbitmq rabbitmq 4096 Dec 31 17:24 schema
2020-02-04 13:10:37.793 \[info\] <0.8.0> Feature flags: list of feature flags found:
2020-02-04 13:10:37.793 \[info\] <0.8.0> Feature flags: feature flag states written to disk: yes
2020-02-04 13:10:37.893 \[info\] <0.256.0>
 Starting RabbitMQ 3.7.17 on Erlang 22.0.7
 Copyright (C) 2007-2019 Pivotal Software, Inc.
 Licensed under the MPL.  See https://www.rabbitmq.com/

  ##  ##
  ##  ##      RabbitMQ 3.7.17. Copyright (C) 2007-2019 Pivotal Software, Inc.
  ##########  Licensed under the MPL.  See https://www.rabbitmq.com/
  ######  ##
  ##########  Logs: <stdout>

              Starting broker...
2020-02-04 13:10:37.893 \[info\] <0.256.0>
 node           : rabbit@rabbitmq-ha-0.rabbitmq-ha-discovery.prelude.svc.cluster.local
 home dir       : /var/lib/rabbitmq
 config file(s) : /etc/rabbitmq/rabbitmq.conf
 cookie hash    : GVrUAEuiF7v1LP7aGSh7kw==
 log(s)         : <stdout>
 database dir   : /var/lib/rabbitmq/mnesia/rabbit@rabbitmq-ha-0.rabbitmq-ha-discovery.prelude.svc.cluster.local
2020-02-04 13:10:37.906 \[info\] <0.256.0> Running boot step pre\_boot defined by app rabbit

To follow the logs as they are generated, add a “-f” to the command above (kubectl logs -f -n prelude rabbitmq-ha-0). As you can see, it’s easy to view the logs from the service.

Final Thoughts

Lack of support for basic Syslog functionality within an enterprise cloud management platform seems like a significant oversight and a complete step backward from vRealize Automation 7.x. Additionally, the logging functionality that does exist via integration with vRealize Log Insight appears to be half baked at best as the source of the log data is shown as the Kubernetes pod name, which changes each time the pods restart. Hopefully, VMware will focus some effort on refining the logging functionality in future updates of vRealize Automation 8.x to provide at a minimum the same level of functionality as they supported in vRealize Automation 7.x.

See Also


Get Notified of Future Posts

Follow Me

LinkedIn Icon
Twitter/X Icon
Threads Icon
RSS Icon

Recent Posts