I have written several posts about vROps - vRealize Operations Manager (aka vCOps). We now know how to deploy and configure vRealize Operations Manager and, if necessary, how to migrate from vCOps to vROps. I showed how to deploy Hyperic Server and integrate it with Operations Manager. Hyperic Server is a component used to monitor third-party applications or devices. For example, I showed how to monitor NetApp arrays with vRealize Operations Manager (using Hyperic Server) 🙂 The last post was about vRealize Infrastructure Navigator, which shows dependencies between VMs, and its integration with vROps.
This post focuses on the next component of the vRealize family: Log Insight 🙂 It answers the following questions:
- What is vRealize Log Insight?
- How to deploy or upgrade vRealize Log Insight?
- How to integrate vRealize Log Insight not only with VMware products such as Operations Manager or vSphere, but also with Microsoft Active Directory?
What is vRealize Log Insight?
vRealize Log Insight is a powerful syslog server delivering real-time log management for vSphere environments, and also for applications such as Microsoft SQL, Exchange or SharePoint. With content packs, administrators can analyze logs more efficiently 😉
vRealize Log Insight can be deployed as standalone or clustered appliances.
How to deploy or upgrade vRealize Log Insight?
Deploying vRealize Log Insight is pretty easy because it is delivered as a virtual appliance (OVF) that you just need to deploy in your environment. Download Log Insight from here and follow my standard OVF deployment procedure. Once the appliance is deployed, follow the steps below:
- Open a browser and go to https://Log_insight-host/, where Log_insight-host is the IP address or host name of the Log Insight virtual appliance.
- Click Start New Deployment. When you need to deploy a highly available Log Insight, you should deploy
- Set the password for the Admin user and click Save and Continue.
- Enter the license key, click Set Key, and click Continue.
- On the General Configuration page, type the email address that should receive system notifications from Log Insight. I think you do not want to participate in the customer experience improvement program... so uncheck it. Click Save and Continue.
- On the Time Configuration page, set how time is synchronized on the Log Insight virtual appliance and click Test. I recommend using NTP servers.
- Specify the properties of an SMTP server to enable outgoing alert and system notification emails. Click Skip or Save and Continue.
- Finished!
- You can integrate vRealize Log Insight with vSphere in the next step.
Now we have deployed and configured vRealize Log Insight! If you need to upgrade vRealize Log Insight to a newer version, please follow my post How to upgrade Log Insight. As you can read there, the upgrade is pretty easy as well. For more information on how to integrate vRealize Log Insight with Operations Manager, see the post here.
VMware recommends configuring a minimum of three nodes in a Log Insight cluster to provide ingestion, configuration, and user space High Availability. Just deploy the vRealize Log Insight appliance (from the OVF file) two more times and then repeat step 1 to join them to the first (Master) node already deployed:
Note: You should regularly check for updates to vRealize Log Insight. As shown in the figure below, a security pack for Log Insight is available on the download page:
The installation procedure for the security patch is the same as for an upgrade of vRealize Log Insight.
How to integrate vRealize Log Insight with other applications?
vRealize Log Insight can be integrated with many solutions and applications using vRealize Content Packs (.vlcp files), which you can find at https://solutionexchange.vmware.com/store/loginsight
The integration provides some pre-defined dashboards, queries and alerts.
There are content packs for the following solutions, among others:
- Microsoft AD, SharePoint, SQL or Exchange
- EMC VMAX or VNX arrays
- VMware products such as Horizon, NSX, vCD or vCNS
- Brocade (SAN) or Cisco Nexus
Content packs are distributed by VMware or third-party vendors (EMC, Blue Medora etc.).
Installing a content pack is really easy. You can do it:
- automatically via the Marketplace available in Log Insight (Content Packs --> MarketPlace)
- manually by importing a content pack
Let's install a content pack manually (useful when Log Insight does not have internet access):
- Click the configuration drop-down menu icon and select Content Packs.
- Select a content pack to import (.vlcp file). Then click Import.
- When a content pack is imported, you can check available dashboards, queries or alerts.
I have installed a couple of content packs 🙂
Sometimes it is necessary to install the Log Insight agent (Windows, Linux). If you want to use a content pack for Microsoft applications, you need to install the agent for Windows. The installation is easy: "3 x Next" + the IP address of Log Insight 🙂 The agent installation package is available on the Log Insight download page mentioned earlier. You can also download it directly from the Log Insight appliance (Management-->Agents):
After the agent is installed on a Windows/Linux machine, Log Insight detects it and collects data. For example, the figure below shows Security - Logon Failures on the machine osaka (I forgot my password on purpose :D).
When you right-click the dashboard and select Interactive Analytics, you can see the details of the status.
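To make concrete what a logon-failure view like the one above aggregates, here is an added example (not Log Insight's own query or content pack code) that counts failed Windows logons per machine and account inside a sliding time window. The record format, the host kyoto, the account names and the thresholds are constructed for illustration; 4625 is the Windows Security event ID for a failed logon.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real Log Insight output): timestamp, host,
# Windows Security event ID, target account. 4625 = failed logon, 4624 = success.
SAMPLE_EVENTS = """\
2015-03-02T09:00:05 host=osaka event_id=4625 user=admin
2015-03-02T09:00:20 host=osaka event_id=4625 user=admin
2015-03-02T09:00:41 host=osaka event_id=4625 user=admin
2015-03-02T09:01:10 host=osaka event_id=4624 user=admin
2015-03-02T09:02:00 host=kyoto event_id=4625 user=svc_backup
2015-03-02T09:30:00 host=kyoto event_id=4625 user=svc_backup
2015-03-02T10:15:00 host=kyoto event_id=4625 user=svc_backup
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event_id=(?P<eid>\d+) user=(?P<user>\S+)$"
)

def parse_events(text):
    """Yield (timestamp, host, event_id, user); skip lines that do not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["host"],
                   int(m["eid"]), m["user"])

def logon_failure_bursts(text, threshold=3, window=timedelta(minutes=5)):
    """Return {(host, user): peak failures seen inside any sliding window}
    for pairs that reach the threshold."""
    recent = defaultdict(deque)   # (host, user) -> timestamps still in window
    peaks = {}
    for ts, host, eid, user in sorted(parse_events(text)):
        if eid != 4625:           # only failed logons count
            continue
        q = recent[(host, user)]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(host, user)] = max(peaks.get((host, user), 0), len(q))
    return peaks

if __name__ == "__main__":
    for (host, user), count in logon_failure_bursts(SAMPLE_EVENTS).items():
        print(f"{host}: {count} failed logons for {user} within 5 minutes")
```

The same three failures spread over more than an hour (host kyoto in the sample) stay below the threshold, which is why the window matters as much as the count.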
Conclusion
vRealize Log Insight is a really powerful tool, not only for VMware administrators but also for network, SAN or application administrators. Who wants to dig through logs? I think nobody...