This article is about setting up vRealize Log Insight and integrating it with vSphere and vRealize Operations Manager.
Log Insight provides powerful real-time log management for VMware Environment with machine learning based intelligent grouping and faster search. This allows for swift troubleshooting and better analytics across physical and Virtual Environments.
It’s only a matter of exploring the options the tool gives for log analysis and you will enjoy using it.
The deployment can be broken down into below steps.
- Pre-requisites
- Deploy the Appliance
- Configuration
- Integration with vSphere and vROPS
Pre-Requisites
Log Insight accepts data from sources(Virtual/Physical/Cloud) which use syslog protocol, sources that write logs and can run the vRealize log insight Agent and sources that can post data with HTTP/HTTPS through the REST API.
Ports for syslog feeds: 514(UDP), 514(TCP), 1514(TCP) SSL.
The appliance can be deployed in 4 configurations based on the sizing requirements. The configuration decide the amount of compute and storage resources the appliance requires.
The below link for sizing calculator will help you determine sizing
http://www.vmware.com/go/loginsight/calculator
Deploying the Appliance
Login to the vSphere Web Client once the .OVA is available
Deploy OVF Template from vCenter and select Local file.
Browse and Select the .ova file
Click Next
Name the appliance and select location
Click Next
Select Resource and Review Details
Click Next
Accept the EULA and click Next
Choose the Configuration and Click Next
Select Storage and click Next
Select Network and click Next
Provide Network and Other Properties
Review and Click Finish.
Configuration
The initial configuration is available after the appliance deployment
https://vRealizeLogInsight.hostname
Welcome screen Click Next
Click Start New Deployment unless you are deploying this as a second node to an existing Log Insight to make a cluster(HA)
Provide email ID and admin password
Provide License Key.
Admin email for Notifications
SMTP configurations
Finish
Integration with vSphere and vRealize Operations Manager
Login to https://vRealizeLogInsight.hostname
Go to Administration.
Click vSphere under Integration
Provide vCenter FQDN and Credentials.
It is recommended to create a Custom User for Integration with below privileges on vCenter root.
- Configuration.Change settings
- Configuration.Network configuration
- Configuration.Advanced settings
- Configuration.Security profile and firewall
Once configured you will notice the Syslog setting and firewall configuration done on the ESXi hosts.
Go back to the Administration page and click vRealize Operations under Integration.
This allows you to access the Log Insight dashboard from the vRealize Operations Manager page.
I would also suggest you to go through the below link for a quick go through on Searching and Filtering event. You will need this coz there will lot of events if it’s a big infrastructure and you’ll have to find what you are looking for.
