VMware vRealize Log Insight Introduction and Deployment

Posted by Aruna Lakmal on 1:00:00 AM with No comments
VMware Log Insight is a great tool which you can perform a deep level log analysis and monitoring your devices. Good thing in this product is it is not limited only to the VMware products and you can use this product as your generic syslog analysis server for your entire infrastructure. You can run this in your vSphere environment as a Standalone and clustered configuration. Also, with vSphere 6 Update 2 VMware has included 25-OSI package to all vCenter installations allowing all VMware customers to use this as a analysis tool in a small environment for free. VMware Log Insight can be found as a virtual appliance and easily deploy and run in your vSphere environment within few minutes. This is nothing but just deploying an virtual appliance, but there are few things that you need to keep in your mind when you are deploying the appliance. This is not a new product and this was introduced back in 2013.

Most of the systems administrators and system auditors are spending their time with searching system logs and analyzing to find out on going issues and optimize their systems. I remember my early days while I was working as a Systems Assurance Engineer I had to check lots of logs and analyze them to get what I was looking for in my systems. In a situation like that Log Insight is a great tool which you can use to analyze all your systems and devices. As I mentioned before it is not just limited to VMware products and you can use this as a centralized console and a dashboard to monitor and analyze your devices. You can create what ever the custom dashboards to monitor the systems and It will make your life more easier.

Deploying vRealize Log Insight

I believe you already aware of OVF deploying in VMware environment and it is a few mouse clicks. 


But there are few important things to show you when you are deploying this OVF. Under "Deployment Configurations" step you need to select the type of your environment and You'll be able to see the relevant VMware hardware configuration for your Log Insight virtual machine. 


Configuration of your Virtual Machine as follows:
Extra Small (20 ESXi Hosts): 
  • 2 CPUs (minimum 2.0 GHz)
  • 4 GB RAM 
  • 132 GB of Storage (100 GB for event Storage) , thick provisioned , Eager zeroed highly recommended 
  • VM hardware version 7 or grater (vSphere 4.0 or grater)
Small (200 ESXi Hosts):
  •  4 CPUs (minimum 2.0 GHz)
  •  8 GB RAM 
  • 132 GB of Storage (100 GB for event Storage) , thick provisioned , Eager zeroed highly recommended 
  • VM hardware version 7 or grater (vSphere 4.0 or grater)
Medium (Supports up to 500 ESXi Hosts):
  •  8 CPUs (minimum 2.0 GHz)
  • 16 GB RAM 
  •  282 GB of Storage (250 GB for event Storage) , thick provisioned , Eager zeroed highly recommended 
  • VM hardware version 7 or grater (vSphere 4.0 or grater) 
Large (1500 ESXi Hosts):
  •  16 CPUs (minimum 2.0 GHz)
  •  32 GB RAM 
  • 282 GB of Storage (250 GB for event Storage) , thick provisioned , Eager zeroed highly recommended 
  • VM hardware version 8 or grater (vSphere 5.0 or grater)
Under "Properties"  Step you need to update the Virtual Machine properties such as hostname, IP, Gateway,etc.


Once you successfully deployed the Virtual Machine you will be able to see it like this and access URL will be displayed on the screen.


You can access the Direct Console by pressing "CTRL+ALT+F1" and you can see these instructions on the screen. By default there is no password configured and you can change the password as you like accessing the VM console.


Initial Configuration 

Once you are done with the Virtual Machine deployment try to access the Log Insight URL from your favorite web browser and ignore the connection status message.


You will be able to see the "Welcome Message" to your Log Insight and click "Next" to continue to the next screen


As I mentioned earlier this can be deployed as a standalone or clustered configuration and select what ever the deployment method for your deployment. In my case I'm deploying this as a standalone server and you can join this server to an existing deployment in this step. 


It will start the new deployment or connection to the existing environment as per your selection


Create admin credentials in the next step and "Save and Continue" to the next step


You can add the license key in the next step


In the next step configure the email notification email address and "Save and Continue" to go to the next step


Define the NTP (Network Time Protocol) servers in the next step as time stamp is really important when you are working with the logs. You can sync your Log Insight Virtual Machine time with the ESXi host which is holding the Virtual Machine. 


Define the SMTP mail details for the email notification in the next step. 


At the next step you can see the "All done!" message as you have successfully deployed and completed the initial administration configuration. 


That's all for now and I will come with a different post for the rest of the configuration.

Thank you for viewing my post...
Categories: ,