vRealize Log Insight custom device configuration and extract fields

Posted by Aruna Lakmal on 9:25:00 PM with 1 comment
As I mentioned in my previous posts, VMware Log Insight is not limited to VMware products, and we can use it to collect syslog data from any device. I wanted to do some tests in my lab, so I configured my Log Insight server to collect the data and do some analysis of my SonicWALL connection states.

I thought it would be a good idea to share this, as I'm really impressed with Log Insight's capabilities and field extraction features. What I'm going to show you here is how to configure the SonicWALL to send its syslog data to my Log Insight server and how to create a custom extracted field for further analysis.

Configure SonicWALL to send the syslog traffic to Log Insight server

It's a simple task: add the Log Insight server IP address to the SonicWALL along with the syslog connection port.


Once this is done, jump into the Log Insight dashboard and check whether the device has been picked up under the "Overview" section. In my case, my SonicWALL was picked up by its IP address.


Now you can perform any interactive analysis from your Log Insight server, just as you do in your VMware environment.




So it is just a simple task, and you can analyze your SonicWALL syslog data and create your own SonicWALL dashboard for monitoring purposes. I will show you the dashboard capabilities in a different post.

Create an Extract Field for easy log search

VMware Log Insight has a feature called "Extract Field" that allows you to create your own filters and customize your log analysis. I personally like this feature, as it has helped me a lot in my log analysis tasks several times. To create an Extract Field, select the relevant text in a log entry; that might be part of the message or a field in the entry. Here, I want to create a custom log search on the connection message status. Once you highlight the text, a pop-up will appear; select "Extract Field".


On the right-hand side there will be an Extract Field creation option, and you can give the field a name that matches the search.


If you need to, you can customize it further by adding more fields using the "Add additional context" option. Once you are happy with the field properties, save it for use. It will appear on the right-hand side under the Fields section, and you can also see a histogram view of the field once you expand it.


Now you will be able to add this as a filter from the drop-down menu.

By adding Extract Fields as your requirements dictate, you can easily perform your analysis tasks. This is just an example, and you can do more customization as you like.
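To reason about what such a field matches before saving it, the same idea can be reproduced offline. This is an added example, not Log Insight's own code: it assumes the field is a value pattern anchored by the text before and after it, and it assumes SonicWALL-style key=value syslog lines with the status in msg="..."; the sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (assumed key=value layout, documentation IP ranges).
SAMPLE_LINES = [
    '<134>id=firewall time="2015-03-01 10:00:01" fw=192.0.2.1 pri=6 '
    'msg="Connection Opened" src=10.0.0.5 dst=198.51.100.7 proto=tcp/https',
    '<134>id=firewall time="2015-03-01 10:00:02" fw=192.0.2.1 pri=6 '
    'msg="Connection Opened" src=10.0.0.9 dst=198.51.100.7 proto=udp/dns',
    '<134>id=firewall time="2015-03-01 10:00:04" fw=192.0.2.1 pri=6 '
    'msg="Connection Closed" src=10.0.0.5 dst=198.51.100.7 proto=tcp/https',
    # A line from another source with no msg="..." pair: must not yield a value.
    '<38>Mar  1 10:00:05 host1 sshd[812]: session opened for user admin',
    '<134>id=firewall time="2015-03-01 10:00:06" fw=192.0.2.1 pri=6 '
    'msg="Connection Opened" src=10.0.0.7 dst=203.0.113.20 proto=tcp/http',
]


def build_field_regex(pre_context, value_regex, post_context):
    """Join pre-context, value pattern and post-context; capture only the value."""
    return re.compile(f"{pre_context}({value_regex}){post_context}")


def extract_field(lines, field_regex):
    """Return the extracted value per line, or None where the field is absent."""
    values = []
    for line in lines:
        match = field_regex.search(line)
        values.append(match.group(1) if match else None)
    return values


def histogram(values):
    """Count occurrences of each extracted value, ignoring lines without one."""
    return Counter(v for v in values if v is not None)


def filter_by_field(lines, field_regex, wanted):
    """Keep only lines whose extracted value equals `wanted` (a field filter)."""
    return [line for line, value in zip(lines, extract_field(lines, field_regex))
            if value == wanted]


# Hypothetical "connection status" field: any text between msg=" and the next ".
CONNECTION_STATUS = build_field_regex(r'\bmsg="', r'[^"]*', r'"')

if __name__ == "__main__":
    print(histogram(extract_field(SAMPLE_LINES, CONNECTION_STATUS)))
    print(filter_by_field(SAMPLE_LINES, CONNECTION_STATUS, "Connection Closed"))
```
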