VMware vRealize Log Insight, as its name says, gives you insight into your logs. It provides not only a plain view of logs, but much more. I use it on a daily basis in many modern environments, and I love it more with every day.
As I mentioned above, Log Insight is the one and only tool you need to collect and analyse logs. Besides the vSphere environment, you can collect logs from all flavours of Windows and Linux operating systems. Log Insight is highly scalable – up to 12 nodes. If you take the Large appliance size = 1500 ESXi hosts (~15000 events/second or ~225GB/day) x12, you get the following numbers to collect per day: 18000 ESXi hosts (~180000 events/second or ~2700 GB/day). Check my page VMware vRealize Log Insight Configuration Maximums, where you can find the Log Insight configuration maximums.
Log Insight has an intuitive and easy-to-use GUI with predefined dashboards. Besides that, it allows you to use interactive analytics with advanced filtering.
- Log in to vSphere, choose the cluster where you want to install vRealize Log Insight, then click Actions and Deploy OVF Template.
- Choose Local file and click Browse. Go to the location where you saved the downloaded OVA file. Click Open and Next.
- Review the details and accept the EULA.
- Choose a name for the virtual machine and place it in a folder.
- Select the configuration that is right for your environment:
  - Extra Small – up to 20 ESXi hosts (~200 events/second or ~3GB/day)
  - Small – up to 200 ESXi hosts (~2000 events/second or ~30GB/day)
  - Medium – up to 500 ESXi hosts (~5000 events/second or ~75GB/day)
  - Large – up to 1500 ESXi hosts (~15000 events/second or ~225GB/day)
- I selected Extra Small, because this size will be more than enough for my lab.
- Select the storage and disk format. Once again, for my lab deployment the one and only possible choice is a thin provisioned disk.
- Choose the network that your Log Insight connects to and the IP protocol.
- We are almost at the end, and we have to enter a few settings like hostname, IP and others.
- On the Ready to complete screen, review the settings and click Finish to complete.
- After a few minutes, connect to the vRealize Log Insight URL to finish the configuration.
- Click Next to start the configuration process.
- This is our first installation of Log Insight, so we click the Start New Deployment button.
- Provide the admin user email and password.
- Enter the Log Insight license key and click Save and Continue.
- Enter the email address where alerts will be sent and, if you wish, join the VMware Customer Experience Improvement Program.
- On the next screen, Time Configuration has to be configured. If you are OK with the defaults provided by VMware, click Save and Continue; otherwise enter your own NTP servers.
- On the next screen, enter the SMTP configuration. In my case I skipped it since I don’t have any SMTP server in my lab.
- We have finally completed the general configuration wizard; on the last page click Finish.
- On the next screen we get suggestions of possible ways to use Log Insight straight away after deployment. Let’s collect logs!
vRealize Log Insight vSphere integration
- In the upper right corner click the button and then Administration. Click vSphere and enter the vCenter Server hostname, username and password. Let’s choose Collect vCenter Server events, tasks, and alarms and Configure ESXi hosts to send logs to Log Insight.
- Recent tasks in vCenter Server show that the advanced settings have been configured on all connected ESXi hosts.
- To configure ESXi syslog manually, choose the ESXi server, click Manage / Settings / Advanced System Settings, type Syslog.global.logHost and use the value udp://vrli_URL:514.
- The first Log Insight integration, vSphere, is finished.
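An added example, not part of the original post: a small audit of the Syslog.global.logHost values that the integration (or the manual step above) writes to each host. It checks that every host forwards to the expected Log Insight node and flags cleartext transports; udp, tcp and ssl are the protocol prefixes ESXi accepts, while the host names, addresses and inventory below are constructed for illustration.

```python
from urllib.parse import urlsplit

# Protocol prefixes ESXi accepts in Syslog.global.logHost, and what each means on the wire.
TRANSPORTS = {"udp": "cleartext, lossy", "tcp": "cleartext", "ssl": "TLS"}

def audit_loghost(value, expected_host):
    """Return a list of findings for one host's Syslog.global.logHost value."""
    findings = []
    targets = [t.strip() for t in value.split(",") if t.strip()]
    if not targets:
        return ["no remote syslog target configured"]
    seen_expected = False
    for target in targets:
        if "://" not in target:
            findings.append(f"{target}: no protocol prefix, transport is implicit")
            continue
        try:
            parts = urlsplit(target)
            scheme, host, _port = parts.scheme, parts.hostname, parts.port  # bad port raises
        except ValueError:
            findings.append(f"{target}: malformed host or port")
            continue
        if scheme not in TRANSPORTS or not host:
            findings.append(f"{target}: unsupported protocol or missing host")
            continue
        if host == expected_host.lower():
            seen_expected = True
        else:
            findings.append(f"{target}: logs also leave to an unexpected collector")
        if scheme != "ssl":
            findings.append(f"{target}: {TRANSPORTS[scheme]} transport")
    if not seen_expected:
        findings.append(f"expected collector {expected_host} is not a target")
    return findings

# Constructed sample: ESXi host -> value of Syslog.global.logHost (not a real inventory).
SAMPLE = {
    "esxi01.lab.example": "udp://vrli.lab.example:514",
    "esxi02.lab.example": "ssl://vrli.lab.example:1514",
    "esxi03.lab.example": "udp://vrli.lab.example:514,tcp://10.0.0.99:514",
    "esxi04.lab.example": "",
}

def audit_inventory(inventory, expected_host):
    return {h: audit_loghost(v, expected_host) for h, v in inventory.items()}

if __name__ == "__main__":
    for host, findings in audit_inventory(SAMPLE, "vrli.lab.example").items():
        print(host, "OK" if not findings else "; ".join(findings))
```

The values to feed it can be exported from the Advanced System Settings view of each host; an empty findings list means the host sends only to the expected node over the ssl transport.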
vRealize Log Insight Active Directory integration
- In the admin section go to Authentication and select Enable Active Directory support.
- Provide the domain name, domain controller, username and password, choose whether you want to use LDAPS (LDAP over SSL – secure LDAP), and click Save to finish the Active Directory configuration.
- The next step is to give an Active Directory group the right to log in. Because I am doing all the configuration in my lab, I will add the domain admin group 😉
- After that, simply log in to Log Insight with your Active Directory credentials.
vRealize Log Insight Windows Agent deployment
- vRealize Log Insight has Windows and Linux Agents that can be installed on systems. I deployed the Log Insight Agent via Group Policy. If you don’t know how to do it, check out my old, yet still valid, video Google Chrome deployment using group policy in Active Directory.
- After a few minutes, the members, or to be more precise the target computers chosen in the GPO scope, will be visible in the Agents section.
vRealize Log Insight integration with vRealize Operations Manager
- In case you want to integrate vRealize Log Insight with vRealize Operations Manager, go to the admin section and choose vRealize Operations.
- Provide the hostname, username and password, along with the alerts and launch in context integration.
- Click Test Connection and, once the configuration is verified, click Save.
- After a few seconds the integration between the two products will be completed.
I think the best summary is to show you that the dashboards are populated with data and it simply works.
In the next posts I will cover more advanced Log Insight topics like:
- Use CA signed SSL Certificates
- Installing Log Insight Content Packs
- Creating alerts based on events
- And many more