In this article i want to talk about an efficient and reliable tool for collecting logs. A tool that can collect logs from virtual infrastructure, physical infrastructure, operating systems, and various devices and help us to gather and aggregate the logs to analyze them. Today, I want to introduce you to the famous VMware product in this field which is known as VMware vRealize Log Insight.
vRealize Log Insight is a solution to provide intelligent log management for infrastructure and applications in any environment. This highly scalable log management solution provides intuitive, actionable dashboards, sophisticated analytics, and broad third-party extensibility across physical, virtual, and cloud environments. we are looking to set up and configure vRealize Log Insight to collect logs from the set of devices and clients and then analyze them.
Go to the following link and download The OVF file for vRealize Log Insight.
Oracle Cloud VMware Solution
but lets talk on my Favor VMware Solution OCVS , we are going to deploy the solution on OCVS , that mean deploying vmware like on-prem or even under you desk , VMware with Full control.
Oracle Cloud VMware Solution is a fully certified and supported solution that uses Oracle Cloud Infrastructure (OCI) to host a highly available and scalable VMware software-defined data center (SDDC). A standard VMware implementation, it works with existing operational practices.
Before You Install vRealize Log Insight
During deployment of the vRealize Log Insight virtual appliance, you can select from preset
configuration sizes according to the ingestion requirements for your environment. The presets
are certified size combinations of compute and disk resources, though you can add extra
A small configuration, described in the following table, consumes the fewest
resources while remaining supported. An extra-small configuration is also available, but it is
suitable only for demos.
Log Insight Sizing Guide
By default, the vRealize Log Insight virtual appliance uses the preset values for small configurations.
You can change the appliance settings to meet the needs of the environment for which you intend to collect logs during deployment.
vRealize Log Insight provides preset VM sizes that you can select from to meet the ingestion requirements of your environment. These presets are certified size combinations of compute and disk resources, though you can add extra resources afterward. A small configuration consumes the fewest resources while remaining supported. An extra small configuration is suitable only for demos.
Deploying Log Insight 8.3 Appliance
Login to vCenter – Right click Cluster or Host – Deploy OVA template – provide Name for appliance and select the OVA file downloaded.
Enter the path to the vRealize Log Insight or Browse to the OVA file.
Select the VM Name to display and select VM folder.
Select the workload Resource Pool and Next.
Review the Configuration and Click Next.
Accept the EULA and Next.
Select Disk provision as Thin or Thick and Next.
Thick Provision Lazy Zeroed creates a virtual disk in a default thick format. Space required for the virtual disk is allocated when the virtual disk is created. The data remaining on the physical device is not erased during creation, but is zeroed out on demand later, on first write from the virtual appliance.
Thick Provision Eager Zeroed creates a type of thick virtual disk that supports clustering features such as Fault Tolerance. Space required for the virtual disk is allocated at creation time.In contrast to the flat format, the data remaining on the physical device is zeroed out when the virtual disk is created. It might take much longer to create disks in this format than to create other types of disks.
Select the size of the vRealize Log Insight VM. As my environment is less than 200 ESXi hosts, I select Small.
Select the Network port group for Log Insight appliance Network and Next.
Provide below information and click Next.
- Network IP
- Network Mask
- Default Gateway
- DNS Server
- Domain searchpath
- DNS Domain
- Root Password
Review the Deployment Configuration and Press Finish.
Power on your new Log Insight Virtual machine.
The console of Log Insight appliance will look like this, as you notices it has automatically detected the DNS record from DNS server as shown below.
Log Insight 8.3 Solution configuration
Click to start New Deployment, if you are deploying vRealize Cluster on the second node you will need to choose to join existing Deployment.
Remember – i am deploying this application on Vsphere 7 and VSAN 7 , i have protect this VM with FFT 2 , with this configuration there is no point of a cluster because i am protected, if you need more power to collect more logs , just increase the size of CPU and Memory.
as a result of configure the root password we need to provide the Email and new Password for the VRLI , remember that the default password is blank. i did have a few issues in the past that i was getting an error on this step, please try to restart the appliance and try again to see if the result change.
vRealize or Log Insight License. i have added the license press continue , you need to find all your licenses within myvmware.com , OCVS comes with Vsphere and NSX Licenses but you will need to bring your own licenses to work with VRLI on OCVS.
Configure the SMTP Configuration to enable sending Log insight Notification on Alerts within Log Insight Alarm List.
Specify a Valid NTP Server and click SAVE and Continue.
After the vRealize Log Insight process restarts, you are redirected to the Dashboards tab of vRealize Log Insight. vRealize Log Insight collect logs from variety devices through vSphere Integration, Agent and working as Syslog.
Provide information in order to collect events from the vCenter Server and logs from ESXi and verify you inputs by using TEST Connection.
Collect vCenter Server events, tasks, and alarms: vCenter Server’s events, tasks, and alarms will be sent to Log Insight using Log Insight agent which include in vSphere Content Pack.
Configure ESXi hosts to send logs to Log Insight: ESXi hosts to send their logs to Log Insight via syslog. Pay attention existing syslog targets on these hosts will not be removed.
you will need to review and approve the Vcenter Certificate , all of VMware Solutions comes with self sign Certificate and you will need to provide SA to sign the certificate.
As you can see over here i am collecting logs from my 3 Oracle OCVS Hosts , you can add any more host within the same interface.
you can see over here the List of Vcenter you are collecting logs , all of the Vcenter logs of the oracle OCVS is shown within the Dashboard.
Navigate to the Dashboard tab and then from right column select VMware-vSphere to see your host event log.
Let Check one ESXi host using Interactive Dashboard. Navigate to Interactive Dashboard and from drop down menu select hostname and then enter your desire ESXi host name. Press enter and as you see your latest ESXi logs is here.