Recently I wanted to test whether it is possible to configure vRealize Log Insight (vRLI) log forwarding to a second network interface to reach a log target in another network segment that could not be reached from the default vRLI appliance ip address.
The first step is adding a second network interface to the appliance. In this example we use the following network configuration.
Vlan10, IP 10.1.1.10, Subnetmask 255.255.255.0, Gateway 10.1.1.1
Vlan20, IP 126.96.36.199, Subnetmask 255.255.255.0, Gateway 188.8.131.52
- In this example the log forwarding target ip address is 184.108.40.206
To configure the second network interface open a SSH session to vRLI appliance. Move to /opt/vmware/share/vami/ and run the network configuration script. vami_config_net. Eth1 is now also available for configuration. First select ‘0’ for a configuration overview. In the results is an error on eth1 displayed. This error keeps us from being able to configure eth1.
After some ‘Trial & Error’ research I noticed the following error during reconfiguring eth1 “can’t open /etc/systemd/network/10-eth1.network”
In the directory /etc/systemd/network is the file “10-eth1.network” not present. The name of the file could be different then here in this example. It depends on the number of network interfaces. I fixed this issue by creating this file manual.
- touch /etc/systemd/network/10-eth1.network
- chmod 644 /etc/systemd/network/10-eth1.network
- Config the second network interface. Go to the directory /opt/vmware/share/vami/ and run the network configution script. vami_config_net. Eth1 is now also available for configuation.
- Check the new configuration by selecting option 0. If Ok press 1 to exit
- Restart the network, systemctl restart systemd-networkd.service
Now this issue is fixed we can move on to configure the persistant static route for vRLI log forwarding.
The file shlould look like this before editing:
[Match] Name=eth1 [Network] Gateway=10.1.1.1 Address=220.127.116.11/24 DHCP=no [DHCP] UseDNS=false
Now add route information at the end of the file:
[Match] Name=eth1 [Network] Gateway=10.1.1.1 Address=18.104.22.168/24 DHCP=no [DHCP] UseDNS=false [Route] Gateway=22.214.171.124 Destination=126.96.36.199/24
Save the file and restart the network service.
systemctl restart systemd-networkd.service
Check if the new route is present.
Test if you reach the destionation from CLI. I used Syslog over UDP port 514.
nc -v 188.8.131.52 514
Answer if configuration is working:
[184.108.40.206 514] open
The last step is to configure the vRLI Log Forwarding Destination.
Send a test event and check if the event is received by the target.
Keep in mind that multic-nic configurations in vRLI are not officially supported.
Also credits to this blog post that pushed me in the right direction.