As part of some recent evaluation work I did on vRealize Operations Manager and following a discussion with our VMware rep I installed vRealize Log Insight. It’s a product I’ve heard about before, largely in conjunction with EVO:RAIL as its part of the automatic deployment, but not a product that I’ve really seen a need for. As part of the vRealize Suite it links nicely into vROps so I thought why not give it a chance and see what it can do. So far I’ve been impressed. I’ve only configured it to monitor my VMware environment but it is also possible to get data from devices outside on the virtual platform. For want of a better example you can see Log Insight as a syslog server or a Splunk Server. There may be other ways of installing vRealize Log Insight Manager but below are the steps I followed to get the platform off the ground and it follows the similar steps to my earlier How-To: VMware vRealize Operations Manager Installation guide
Go to VMware vRealize Log Insight web page and download the vRealize Log Insight OVA file. You will need a VMware account for this and you will also get a 60-day trial license key. You can also check out the VMware vRealize Log Insight Getting Started Guide and the vRealize Log Insight Administration Guide for more information of what to do within Log Insight. Once you have downloaded the appliance you can go into vCenter and select Deploy from OVF Template.
Browse to the downloaded OVA file, select and click Open
Once the source file has been select click Next
vRealize Log Insight version and the size on disk will be displayed. Take note that the primary disk is Thick Provisioned as part of the deployment so it will take a bit longer than a thin provision disk to complete. Click next to continue.
Accept the license and click Next
Enter the name for your new vRealize Log Insight appliance and select the folder that you want to deploy the appliance to. Below is the screenshot from the vROps deployment but the only different is that the name was specific to vRealize Log Insight. Unfortunately I didn’t capture this during the installation process. Click Next to continue.
There are a number of options regarding the configuration sizes. In my instance I will be using small as I have under 100 ESXi Hosts. vRealize Log Insight caters for some very large environments and I think it would only be in exceptional circumstances (and most likely you won’t be considering Log Insight anyway) that it cannot cover the environment needs. Depending on the configuration size you’re vCPU and Memory requirements will vary. Note that the disk is thick eager-zeroed provisioned. Click Next
Select the host and cluster to deploy to. In this instance it is being deployed into Dev.
Select the required Resource Pool and click Next
Select the datastore to put the new appliance onto and click Next
Make sure to select Thick Provision Eager Zeroed for the disk format as per the recommendation and click Next.
Now we’re into the configuration part of the appliance deployment. Enter the hostname provided earlier, the relevant IP addressing and DNS settings and click Next.
Double-check all of the settings and once you’re happy click Finish to deploy the appliance. As the disk is eager-zeroed it will take a while to deploy. Go grab yourself a coffee, I did after 5 minutes of waiting so I can’t tell you how long it took to complete but it was less than 15 minutes.
Once the appliance has been deployed into vCenter open a VM console session to the appliance and power it on. Select SUSE Linux Enterprise Server 11 SP3 for VMware – 3.0.101-0.15 and the boot process will continue.
You will see the bootstrap config going through the process.
Once the Log Insight appliance has completed applying the config you will see a screen similar to below. If gives the steps on how to access the console which is useful. In this instance no further work is being carried out on the deployment side of things so we’ll move onto the configuration.
Log into the IP address of the appliance. If you receive any warnings about certificates select ok and continue. vRealize Log Insight provides a walk through of the configuration which makes things a lot easier. Click Next on the initial screen to continue
Log Insight allows for clustering and also to have disparate Log insight appliances from different vCenters to join the same ‘farm’/cluster. For a new deployment click Start New Deployment
Enter an email address for the admin account and also a password. Click Save and Continue
If you have a license key you can add it here. Even if you don’t have your evaluation license at this point you can click Continue but you will receive a warning when accessing interfaces following the deployment that Log Insight is not licensed. I will show where to add the license from the later config screen. Click Continue.
Enter an email address that will receive system notifications. In this case I’ve entered my address for the trial period. You can choose to also send the weekly trace to VMware if you like. Click Save and Continue
You can choose to sync the server time with NTP servers or with the ESX/ESXi Host. I’ve chosen the ESXi host just to remove the communication need for the appliance to have to go out to an NTP Server. If this was a full production deployment then I would reconsider. Choose whichever is suitable for you.
Enter the SMTP server settings and a sender email address so you can receive notifications from Log Insight. Once entered you can send a quick Test Email to confirm the settings are correct. You can also choose to skip this. Click Skip or Save and Continue depending on how you want this section configured.
You’ve now completed the initial configuration. The message says ‘All done!’ but it’s lying to you. Click Finish and we’ll continue with the configuration
At this point you can choose to ingest syslog data from any source, agents installed directly on a linux or windows server to gather the logs (you can download and install the agents also from the link) and integrate with vSphere. For the evaluation I’ve chosen just to go with vSphere Integration. Click on Configure vSphere Integration to continue
You will be brought through to an administration screen where it will automatically select vSphere under Integration. From here you can add multiple vCenters if you have multiple Log Insight appliances deployed. Enter the host name for vCenter that you want to integrate to and enter a valid username and password. Click on test connection to verify the credentials work. Click Save.
Configuration of the ESXi hosts will begin so that Log Insight can access their logs.
The next step is to integrate vRealize Operations into vRealize Operations. When running both of these in combination as part of an evaluation it’s possible to get a far better outcome. Enter the IP address/hostname of the vROps appliance and the login credentials. Click Save once the connection has tested successfully.
Integration with vRealize Operations Manager will take a minute or so to complete.
Once it has completed you will be prompted with the below dialog. Click Ok to continue
The next step is to check the license key. If you didn’t enter one earlier now is the time to do it. Select License under Management and enter the trail license supplied by VMware. Select Add License Key and the features of the key will be displayed. Now Log Insight is completely setup and configured to work with vCenter and vROps.
Once the license has been added you will see data appear in the System Monitor -> Resources screen. Without the license nothing will appear here.
Now that everything is configured you can start to play around with the interfaces and the data. It will take just a few minutes for Log Insight to populate. Once it does you can see for VMware vSphere the General Overview shows alerts and events that appeared over the few hours. You can mouse over the graph to get more information.
Another screen to check out is General Security which gives insight into the java versions that exist within the environment.
Another of the useful dashboards is the Storage – SCSI Latency/errors which show any events that have arise from storage connectivity, throughput etc.
Lastly, and arguably the most impressive looking feature is the Interactive Analysis which gives both a graph and a list of events that have occurred so you can quickly see over a large time period what the expected state of the environment is and where it has breached thresholds. I think utilising both vROps and vRLI will definitely make your life easier for finding problems within your infrastructure.
I would highly recommend getting Log Insight installed to get a more details view into what is happening within your vSphere environment. VMware have put a lot of effort into consolidating all their management tools into one package and it really shows. There’s a similar look and feel between the solutions and they are intuitive to get to grips with. As there’s a 60 trial license available there’s no real reason to not install it. Even if you only look at it every now and again or when you have issues in your virtual environment you’ll get the value out of it.