Log insight – central syslog with added value

Log insight – central syslog with added value

VMware Log Insight is still one of the VMware’s products which are not widely known and used (especially in Poland). In the past Log Insight was included in vRealize Operations, nowadays it is a separate product which is available in two licensing models.

The first one is per operating system image (OSI) with one flat rate for collecting logs from any server, virtual machine or hypervisor. The second model is per CPU, for one flat rate fee for collecting all logs generated from the hypervisor and any guests on a single CPU socket.

For more information about specific features and licensing please visit VMware Log Insight Site.

For those who are not familiar with this product – Log Insight is a software for log collection and corelation. But do not think about it as about simple syslog – it’s not! Let’s see how it looks like.

The installation proces is really simple – it’s an appliance, just a few click and it’s ready to use. The first step after installation is to integrate with vCenter server. Doing this you gain also integration with all of your ESXi hosts which are automatically set to send logs information to Log Insight.

After integration you will see all of you objects (ESXi hosts for this moment) at dashboards with charts which summarizes different types of events for different opbjects. These dashboards can be customized to fulfill requirements of an organization.

loginsight5

After clicking on specific events you are automatically moved to interactive analitics module. Then you could create specific filters to found more specific logs and correlate them with specific events. The phrases which you are looking for are marked by a specific color to make it easier to found necessary information.

loginsight6

I started to test Log Insight in out lab since I’ve found the new management pack for VSAN. It’s worth to notice that even without it there are some information about VSAN through integration with vCenter. However, using management packs you can receive more precise automated analytics about the events and problems in your environment.

All the available content packs can be viewed from Admin->Marketplace tab.

loginsight1

The process for installation of content pack for VSAN is almost automatic. You just need to select it and click install. And if you have vCenter already integrated (6.0 U2) it will be be up and ready at once.loginsight2 loginsight3

I also realized that there is available content pack for Synology DSM. I’m using Synology VSA as a storage for my nested labs, so I didn’t neglect to check it.

Again the installation is as simple as 2 clicks. The only difference here is that you have to log in into DSM and configure the logs sending to your Log insight. After that the new section for Synology DSM will be available in your Log Insight.loginsight4

Unfortunatelly, I do not have so many events yet to show you better view 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *