Collect External Client Nodes to Send Logs to VictoriaLogs (Cluster Mode)

Configure external log sources (network devices, storage systems, fabric managers) to send logs to VictoriaLogs for centralized log collection and analysis.

Prerequisites

Before configuring log sources:

• Ensure that VictoriaLogs cluster is deployed.

• Ensure that you have recorded VLAgent endpoint information

• Ensure that you have the TLS CA certificate for VictoriaLogs

• Ensure that network connectivity exists from log sources to the Service Kubernetes cluster

Important

Ensure that pod_external_ip_range in omnia_config.yml is reachable from external log sources.

Obtain Endpoint Information

Retrieve the VLAgent endpoint information from the VictoriaLogs deployment output.

1. Check the vlagent LoadBalancer service to get the external IP.

   kubectl get svc vlagent -n telemetry
   

2. Record the following endpoints:

   • Syslog plaintext: <LoadBalancer IP>:514

   • Syslog TLS: <LoadBalancer IP>:6514

   • HTTP forwarder: https://<LoadBalancer IP>:9481/insert/jsonline

3. Retrieve the TLS CA certificate from the victoria-tls-certs secret.

   kubectl get secret victoria-tls-certs -n telemetry -o jsonpath='{.data.ca\.crt}' | base64 -d > victoria-ca.crt
   

Note

VLAgent provides platform-managed syslog receivers. No additional configuration is needed on the Omnia side.

Configure Syslog Sources

Configure external devices to send syslog messages to VLAgent.

Plaintext Syslog (Port 514)

1. Access the configuration interface of your log source device.

2. Configure syslog forwarding to the VLAgent plaintext endpoint.

   Example configuration:

   Syslog server: <LoadBalancer IP>
   Port: 514
   Protocol: TCP or UDP
   

Note

DNS mapping may be required in some devices for TLS certificate validation. Use the LoadBalancer IP if DNS is not configured.

TLS Syslog (Port 6514)

1. Copy the VictoriaLogs CA certificate to the log source device.

2. Access the configuration interface of your log source device.

3. Configure syslog forwarding to the VLAgent TLS endpoint.

   Example configuration:

   Syslog server: <LoadBalancer IP>
   Port: 6514
   Protocol: TCP
   TLS: Enabled
   CA certificate: victoria-ca.crt
   

4. Verify TLS handshake.

   openssl s_client -connect <LoadBalancer IP>:6514 -CAfile victoria-ca.crt
   

Configure HTTP Forwarding Sources

Configure log sources that support HTTP forwarding to send logs in JSON Lines format to the vlinsert endpoint.

1. Access the configuration interface of your log source device.

2. Configure HTTP log forwarding to the vlinsert endpoint.

   Example configuration:

   Endpoint URL: https://<LoadBalancer IP>:9481/insert/jsonline
   Method: POST
   Format: JSON Lines
   Headers:
     Content-Type: application/json
   

3. Example JSON Lines payload format:

   {"time":"2024-01-01T12:00:00Z","stream":"device-01","_msg":"System started"}
   {"time":"2024-01-01T12:01:00Z","stream":"device-01","_msg":"Connection established"}
   

Note

The vlinsert endpoint expects one JSON object per line (JSON Lines format).

Verify Log Ingestion

1. Access the VictoriaLogs query interface.

   curl -k https://<LoadBalancer IP>:9491/select/logsql/query -d 'query="{}"'
   

2. Query for logs from the configured source.

   query="{_stream='device-01'}"
   

3. Verify that logs from the external source appear in the query results.

Note

Query latency depends on time range and data volume. Narrow the time range for faster results.

Note

VictoriaLogs does not return an error when log entries with timestamps outside the configured retention window are submitted. Log entries will be automatically removed from VictoriaLogs after the retention period.

If you have any feedback about Omnia documentation, please reach out at omnia.readme@dell.com.