Thursday, February 26, 2015

Installing and configuring vCenter Log Insight 2.0

vCenter Log Insight or now known as "vRealize Log Insight" is a real-time log management solution for Vmware environment. It has "machine learning -based intelligence grouping" which will group the related data together, consolidates information and shows in customizable graphs. It is also a Syslog Server which can consolidate logs and analyze it.

Log Insight includes a built-in syslog server, it can analyze log events from any source which can forward syslog feeds. So you may configure ESXi, vCenter or any Cloud Suite product to forward log events to Log Insight.

Integration Options:

Currently it integrates with multiple vCenter Servers and vCenter Operations Managers.

Log Insight can collect two types of data from vCenter Server instances and the ESXi hosts that they manage.

* Events, tasks, and alerts are structured data with specific meaning. If configured, Log Insight pulls events, tasks, and alerts from the registered vCenter Server instances.

* Logs contain unstructured data that can be analyzed in Log Insight. ESXi hosts or vCenter Server Appliance instances can push their logs to Log Insight through syslog

Deployment Configuration:

Small - upto 100 ESXi servers
Medium - upto 250 ESXi Server
Large - up to 750 ESXi server

Deploy the Appliance:

1 . Connect to vCenter Server, click on File and select deploy from OVF Template and locate the log Insight ova file and select next.


2. Accept the License and give the name for Log Insight Appliance.  Select the appropriate Cluster, Host and Datastore.


3. Select the appropriate deployment Configuration and complete the wizard to start the deployment.


After successful deployment start with the configuration.

  1. Open browser and enter http://fdqn/ip_of_log_insight.
  2. Click on next to the start the configuration.
  3. As this is the first time setup, we would select the "Start New Deployment" option.
  1. Admin Credentials: Enter the admin email and set the password and click on "save and continue".
  1. Enter the License Key and click on continue.
  1. General Configuration:  Enter email address to send System Notification.
  2. Time Configuration: Enter your NTP server details and click on test to confirm. Or you may sync time with ESXi Host.
  1. SMTP Configuration: Update the correct SMTP details. You may confirm the configuration with "Sent Test Email".
  1. This concludes the configuration, go ahead and click on Done. 

Integrations:

vCenter Server:

Next it will automatically takes you to the Dashboard, as this is first time setup, we need to do the vSphere Integration. Click on the vSphere Integration hyperlink.

You may integrate multiple vCenter Servers and vCenter Operations Managers.

  1. Enter the vCenter Server details and Click on Test.
  1. After successful Test, click on Save.

vCenter Operations Manager:

  1. Click on the vCenter Operations Manager tab under Integration.
  1. Enter the vCOPS details, remember the username is "admin" not root. After successful Test, click on save.

vCenter Log Insight Interface:

There are 2 default Tabs: Dashboard and Interactive Analytics. The Dashboard shows your complete environment's events, faults etc graphically and has inventory of all objects at left which can show relevant information.

The Interactive Analytics shows  the real time log analysis, where you can search with query words and set the time duration starting from last 5 minutes to All Time. Once you get handy with this analytics, the root cause analysis becomes very easy.


I hope this post was informative.