Let’s face it, syslog collection is not as exciting as other things we would like to be doing as administrators, but it is often a necessary evil when troubleshooting or trying to identify potential problems before they happen. Today, let’s highlight a tool that every vSphere administrator should be using, especially since it is free if you own vCenter Server: vRealize Log Insight Server. We will look at what VMware vRealize Log Insight for vCenter Server is, how it is licensed, and how to deploy it.
What is VMware vRealize Log Insight for vCenter Server?
When we think of log scraping, it isn’t terribly useful to us if there is no intelligence or analytics that can decipher what certain logs mean or how they interact and weigh in with other logs that have been gathered. VMware vRealize Log Insight delivers a platform to gain the visibility, log management, and sophisticated analytics needed to parse through logs gathered in a VMware vSphere environment.
The main appeal of something like vRealize Log Insight is the set of benefits gained from a log management product that provides deep analytics. It can essentially:
- Promote Rapid Troubleshooting and Root Cause Analysis into issues or problems
- Monitor and Manage Machine Data at Scale
- Create Structure from Unstructured Data
- Lower Operating Expenses
When we think about troubleshooting an environment, time is money if we are talking about systems potentially being down and engineers spending valuable time and energy on troubleshooting. If we have a product for scraping logs that offers intelligence and analytics and presents that in such a way that we can make sense of the data, we can see how the benefits mentioned above come into play.
Is vRealize Log Insight for vCenter free?
Well, in a sense it is, up to a point. For each instance of vCenter Server that you own or purchase, you are entitled to a free 25 OSI license of vRealize Log Insight for vCenter. What is an OSI pack? According to VMware documentation, OSI stands for “operating system instances”. There is a really good walkthrough and example given here. That post shows how OSI can be calculated, so I will leave the licensing discussion to it. Additionally, customers running NSX 6.2.4 and beyond are entitled to vRealize Log Insight for NSX at no additional charge.
Also exciting for VMUG members: if you have a VMUG Advantage membership, you have access to a vRealize Log Insight Server license for free!
How to Deploy VMware vRealize Log Insight for vCenter Server
Deploying VMware vRealize Log Insight for vCenter Server is fairly straightforward. Download the vRealize Log Insight 4.5 server OVA appliance from VMware and deploy. There isn’t much to note of interest in the OVA deploy as it is a standard deployment with IP configuration, etc. Once the appliance is deployed, simply power on and let the appliance boot.
After connecting to the web interface, we are greeted with the Setup dialog box ready for configuration of the appliance.
On the next screen we can click the Start New Deployment button to create the new deployment of vRealize Log Insight server.
Deployment process begins.
On the first screen, we set up the Admin Credentials for the admin user to access the vRealize Log Insight server.
Add your License key for vRealize Log Insight Server, or you can skip this during the initial setup.
Time configuration. The setup process prepopulates the NTP servers with VMware specific NTP servers.
Set up SMTP configuration for email alerting, or you can simply skip this test during the initial setup.
We finally get to the Setup complete screen. Once we click Finish, we are taken to the Ready to Ingest Data screen.
The Ready to Ingest Data screen is where we actually configure our connection to our vSphere environment. Click the Configure vSphere Integration link to configure.
Populate the vSphere Integration Hostname, Username, and Password values for vCenter Server. Notice that the Configure ESXi hosts to send logs to Log Insight option is checked by default.
vRealize Log Insight Server ESXi Host Syslog Configuration
When using the automatic configuration with the vSphere Integration setup, I saw the errors listed below which referred me to the KB listed – http://kb.vmware.com/kb/2003322.
Using the esxcli command, we configure the syslog service with the remote host we want to use (our vRealize Log Insight Server) and allow syslog connectivity through the ESXi host firewall. After configuring both, we refresh the firewall and reload the syslog service. We can also use the nc command to test connectivity.

    # Point the ESXi syslog service at the Log Insight server
    esxcli system syslog config set --loghost='udp://<vrealize log insight server>:514'
    # Allow outbound syslog through the ESXi firewall, then apply the change
    esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
    esxcli network firewall refresh
    esxcli system syslog reload
    # Test connectivity to the collector on port 514
    nc -z <vrealize log insight server IP/FQDN> 514

Once I configured the Syslog firewall exception and configured the remote host, the automatic configuration completed successfully.
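To confirm that each host really forwards to the intended collector after the steps above, the check below audits the "Remote Host" line printed by `esxcli system syslog config get`. It is an added example, not part of the original post: the function names, the hostname `loginsight.example.local` and the sample output are constructed, and it goes slightly beyond the post by also recognising the `tcp://` and `ssl://` loghost schemes that ESXi accepts.

```shell
# Added example; SAMPLE_CONFIG is constructed, not captured from a real host.
SAMPLE_CONFIG='   Local Log Output: /scratch/log
   Log To Unique Subdirectory: false
   Remote Host: udp://loginsight.example.local:514'

# Extract the comma-separated loghost list from esxcli output on stdin.
remote_hosts() {
    sed -n 's/^[[:space:]]*Remote Host:[[:space:]]*//p' | head -n 1
}

# audit_syslog EXPECTED_HOST   (esxcli output on stdin)
# Prints one finding per destination; returns 0 only if EXPECTED_HOST is one of them.
audit_syslog() {
    expected=$1
    hosts=$(remote_hosts)
    case $hosts in
        ''|'<none>') echo "FAIL no remote loghost configured"; return 1 ;;
    esac
    seen=1
    old_ifs=$IFS; IFS=,
    for url in $hosts; do
        url=$(printf '%s' "$url" | tr -d ' ')
        case $url in
            ssl://*) note="OK ssl (encrypted in transit)" ;;
            tcp://*) note="WARN tcp (plaintext)" ;;
            udp://*) note="WARN udp (plaintext, no delivery guarantee)" ;;
            *)       note="WARN no scheme given" ;;
        esac
        hostport=${url#*://}      # drop the scheme
        host=${hostport%%:*}      # drop the port
        [ "$host" = "$expected" ] && seen=0
        echo "$note: $hostport"
    done
    IFS=$old_ifs
    [ "$seen" -eq 0 ] || echo "FAIL expected collector $expected is not a destination"
    return "$seen"
}

# On an ESXi host: esxcli system syslog config get | audit_syslog <collector FQDN>
printf '%s\n' "$SAMPLE_CONFIG" | audit_syslog loginsight.example.local
```

A WARN on `udp://` is expected with the configuration shown in this post; it marks hosts whose logs cross the network unencrypted and can be dropped silently.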
Viewing vRealize Log Insight Server Information
Once we have vCenter Server and our ESXi hosts sending information, we should start to see data populating in the default General – Overview dashboard.
Using the Interactive Analytics tool, we can drill down into the events pulled and get insights into issues, etc.
What is VMware vRealize Log Insight for vCenter Server? It is a great tool, provided for free when you have vCenter Server licensing, that allows much more insightful analytics into vCenter and ESXi host syslog collection. Let’s face it, gathering and parsing syslogs manually is cumbersome and virtually impossible. Having the right tools to do this intuitively provides benefits to troubleshooting and lowers TCO. If you want to take syslog and best practices even further, Runecast Analyzer is definitely the way to go. Check out our post covering Runecast here.