vRealize Log Insight 4.0 Install Guide

vRealize Log Insight 4.0 is a powerful log management and analytics tool, natively integrating with VMware products such as vRealize Automation, vRealize Operations, and vSphere, as well as providing a heterogeneous platform for third party products. By collecting logs at operating system, virtual machine, host, and vCenter level, as well as for third party products, Log Insight is able to compile dashboards, and perform data analysis to help administrators troubleshoot quickly and effectively. To read more see the product page here. In this post we will install a new Log Insight appliance, additional appliances can also be added to scale out the solution.

charts2

Requirements

  • vRealize Log Insight can be licensed per operating system instance, or per CPU. A 60 day free trial can be obtained here.
  • The licensing editions of vRealize Log Insight can be found on the product page here. Advanced features are included with NSX, vRealize suites, and vCloud suites.
  • The appliance can be deployed to vCenter Server and ESXi versions 5.0 and above (or versions 4.1 and above for extra small deployment types).
  • For other VMware products check the Product Interoperability Matrixes here.
  • Access over the following ports is required for syslog: 514 (TCP/UDP), 1514 (TCP SSL), and the following ports for API: 9000 (TCP), 9543 (TCP SSL).
  • The virtual appliance comes pre-configured, when sizing the installation consider the following:
    • Extra small – 2 vCPU, 4 GB RAM, 132 GB disk (thick provisioned), vm hardware 7. Test or proof of concept, supports up to 20 ESXi hosts, 200 events per second, or 3 GB a day.
    • Small – 4 vCPU, 8 GB RAM, 510 GB disk (thick provisioned), vm hardware 7. Small production workloads, supports up to 200 ESXi hosts, 2000 events per second, or 30 GB a day.
    • Medium – 8 vCPU, 16 GB RAM, 510 GB disk (thick provisioned), vm hardware 7. Medium production workloads or Log Insight clusters, up to 500 ESXi hosts, 5000 events per second, or 75 GB a day.
    • Large – 16 vCPU, 32 GB RAM, 510 GB disk (thick provisioned), must be upgraded to vm hardware 8. Large production workloads or Log Insight clusters, supports up to 1500 ESXi hosts, 15000 events per second, or 225 GB a day.
  • Review the vRealize Log Insight 4.0 release notes here.
  • For more information visit the vRealize Log Insight Information Centre here.

Installation

Download the VMware vRealize Log Insight 4.0 virtual appliance here. Log into the vSphere web client and right click the host or cluster where the appliance will be deployed, select Deploy OVF Template. Browse to the location of the downloaded OVA file and click Next. Review the template details and click Next.

log1

Accept the license agreement and click Next.

log2

Configure a name and location for the virtual appliance, click Next.

log3

Select the appropriate deployment configuration and click Next. See above for sizing assistance.

log4

Ideally the disk format should be changed to Thick Provisioned Eager Zeroed. Select the datastore to use and click Next. Select the network to use and click Next.

log5

Enter the network settings for the virtual appliance. Expand Other properties and configure a root password. Once complete click Next. When adding DNS servers do not specify more than 2 DNS entries.

log6

Review the summary page, tick Power on after deployment, and click Finish. The appliance console has a similar look and feel to ESXi. If you ever need to use the command line login with the root account. The password should be set during the OVA deployment, if you missed it then the root password is blank.

console

Open a web browser and connect to the IP address or FQDN of the newly deployed appliance. The setup wizard will autostart, click Next.

setup1

Click Start New Deployment.

setup2

setup3

Enter an email address and new password for the admin user, click Next.

setup4

Enter a license key and click Save and Continue.

setup5

Configure system notification settings and click Save and Continue.

setup6

Enter the NTP server(s) to use and click Test. If the test succeeds click Save and Continue.

setup7

Configure the SMTP server to use and click Save and Continue.

setup8

On the setup complete page click Finish.

setup9

The vRealize Log Insight appliance is now deployed and can begin collecting data. In this example we will be configuring vSphere Integration to automatically collect logs and events from vCenter Server and ESXi hosts. Click Configure vSphere Integration.

setup10

Enter the connection details of the vCenter Server. To configure only specific hosts to send logs to Log Insight click Advanced options. Test the connection and when you’re ready click Save.

vsphereint

Other administrative menus are located on the left hand side. The administration page can be accessed at any time by clicking the three line menu in the top right hand corner of the page.

admin

You can also access the Content Pack Marketplace from this menu. Content packs can be added to collect data from other VMware and third party products.

contentpacks

To add a content pack select it and click Install.

contentpacksinstall

For example to collect NSX logs and events we can install the NSX content pack.

contentpacksinstall2

With our Log Insight collecting data we can now flick through the various dashboards and available data. For more information on getting the most out of vRealize Log Insight, and a comprehensive user guide, see the Information Centre here.

charts1

2 comments

  1. Nice ….

    Like

  2. […] syslog server configured, if you have a valid NSX license you can use Log Insight at no extra cost; Log Insight 4.0 Install Guide, NSX with Log Insight […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: