In case you didn’t know, VMware has its own logging solution as part of the vRealize Suite of solutions, now VMware Aria called vRealize Log Insight. With vRealize Log Insight, you can aggregate all your logs from vSphere, vSAN, NSX, and even Windows and Linux hosts by log forwarding. The vRealize Log Insight solution is a great product that fits nicely with VMware environments but can also serve as a powerful Syslog server solution for all other devices in your environment. Let’s look at the VMware vRealize Log Insight syslog configuration and see how you can capture log messages and data with the solution.
What is vRealize Log Insight?
The vRealize Log Insight solution provides a highly scalable log solution with actionable insights and robust dashboards, allowing you to visualize your environment easily, identify issues, and remediate these as quickly as possible.
It provides the following benefits:
Quick troubleshooting of issues and root cause determination across large amounts of data
It provides a GUI interface that is intuitive and dashboard-capable
You can connect operating systems, apps, storage, network devices, and your vSphere infrastructure to vRealize Log Insight and start capturing and analyzing log data
If you are running vSphere in the environment, vRLI is well-suited for the environment since it natively understands vSphere and can provide out-of-the-box analytics and intelligence for vSphere, vSAN, NSX, and other solutions
It is extensible by way of content pack integration
You can integrate vRealize Log Insight with vCenter Server for deep and seamless integration
It can interact with vRealize Operations
Analyze forwarded logs from other devices
Install vRealize Log Insight agent for easy integration with Windows and Linux operating systems
Examine logs from essentially any device in your Log Insight server
With content packs you can download and extend the solution with additional capabilities and analytics features
You don’t have to be running vCenter Server as you can configure syslog with your ESXi host when you create the vRealize Log Insight instance
You can dedup the same logs to help eliminate duplicate information and key in on unique errors or other information found in the logs
In looking at vRealize Log Insight, you might assume it is only for vSphere environments. However, as you read the product description and install vRLI, you will quickly see it is for more than just vSphere environments.
The vRealize Log Insight solution serves as a general syslog server in the environment and is enabled to receive syslog messages out of the box. So, no additional configuration is needed once you have vRLI up and running.
Once you install vRLI in your environment, the “ready to ingest data” screen details the solution is for vSphere integration, Agent-based syslog receiving, and also serves as a syslog server. Log Insight can ingest data from any source via syslog. You just have to st the Log Insight server as your syslog destination.
Dashboards and visuals
You get really nice dashboards and visuals with vRealize Log Insight running in your environment, and you can create custom dashboards
Log Insight agent-based Syslog
You can also install agents from vRealize Log Insight that allow you to ship logs from remote operating systems to vRealize Log insight. On the agent download page from your vRealize Log insight console, you can download the agents for Windows and Linux.
vRealize Log Insight Name Change
With the introduction of VMware Aria at VMware Explore 2022, VMware is rebranding the entire vRealize portfolio of products to VMware Aria. It will include changing the name of vRealize Log Insight to VMware Aria Operations for Logs.
vRealize Log Insight Cloud
The vRealize Log Insight Cloud solution is a SaaS-based solution with the same powerful features. However, VMware will undoubtedly outpace the functionality with their cloud offering compared to the latest version on-premises.
The vRealize Log Insight Cloud solution uses a VMware cloud proxy to forward events to the cloud solution. This is true of many of the VMware cloud solutions with on-premises resources. The cloud proxy serves as an intermediary for the solution sending the information from on-premises to the ingestion API.
With the syslog capabilities in vRealize Log Insight, you can examine events, protocol details, collect and monitor your environment, including vSphere. You can easily identify changes in the environment after a settings change.
You can monitor apps, nodes, software, create reports, gain context and metrics from your infrastructure. You can trigger alerts based on data collected in Log Insight.
If you are running a vSphere cluster with vSAN or other configurations, vRLI provides insights, monitoring, and status checks for these vSphere solutions.
The logs will contain the hostname, user, post, device, installed software, patches, configurations, configured storage, network settings, connection information, and other management information.
Using vRealize Log Insight in the Home Lab environment
I use vRealize Log Insight in the home lab as my syslog server of choice. Since I run VMware vSphere in the lab, vRealize Log Insight is the perfect choice for understanding the vSphere environment with the actionable insights you need to see problems and issues in the environment quickly.
Configuring your ESXi servers to point to vRLI is simple. You can configure the syslog server this way:
esxcli system syslog config set –loghost=,<your vRLI IP>
esxcli system syslog reload
Below is an example of pointing my Cisco SG350X switch to vRealize Log insight as a remote log server:
VMware vRealize Log Insight FAQs
What is VMware vRealize Log Insight? VMware vRealize Log Insight, now VMware Aria Operations for Logs, is a premiere logging solution from VMware that allows organizations to effectively log their VMware solutions and also other physical, virtual, and other solutions in their environments using its syslog capabilities.
Is it free? Not it is a paid product. However, it is included in a VMUG Advantage subscription that gives home lab users full access to the entire portfolio of VMware products and solutions, which is a tremendous value.
Can it act as a syslog server for other solutions besides VMware? Yes, it can. It functions out of the box as a standard syslog server and can immediately receive syslog messages from devices in your network.
Configuring vRealize Log Insight as a syslog server is extremely easy as it is configured to receive syslog messages out of the box. You don’t have to do anything special from the vRLI side of things. If you are running VMware vSphere in production or home lab environment, vRLI is a great solution that already has the built-in understanding of VMware vSphere, vSAN, and NSX by way of content packs that are preinstalled.