A few posts back I wrote about the vCenter Collector services to centrally collect logs and dumps. There is also the VMware vCenter Log Analyzer appliance, a collector and an analyzer (with the collectors you have to do the analyzing part yourself). The appliance is an OVF/OVA download, that you can add to your environment.

What does it gives you:

  • Log file collection and analysis.
  • Alert and events collection and analysis.
  • vCenter en vCenter Operation Management integration.
  • Connect to everything. Everything? Well everything that’s able to generate log data. Several partners have content packs for their logs that you can import that gives you an additional layer for analyzing.

So you were writing about the vCenter collectors, why will we not use them? Well you can for you virtual environment. And you will if you are budget constrained. You will have to do the analysis all by yourself, with your own expertise.

How do I get it?

What does it cost?

VMware vCenter Log Insight is licensed on a per operating system instance (OSI) basis, which is defined as any server, virtual or physical, with an IP address that generates logs, including network devices and storage arrays. You can analyze an unlimited amount of log data per OSI. vCenter Log Insight price is currently announced as $200 per OSI.

And it really depends on the amount of log generating devices you want collected or analyzed (not only VMware related).

Installation

Installation of the appliance is straightforward, just like any OVF: Right click datacenter or cluster for Deploy OVF Template. Select your source location, and don’t forget to change the file type in the browse window (else it defaults looks for *.ovf and not the ova extension the Log Analyzer has) and select the downloaded version.

Accept license agreement (O yes, you want to read it first ;) ), choose your hostname and location, disk layout, datastore location and network. If you want you can customize by setting a GW, DNS and IP for log insight. Default or blanks will give you DHCP. And let it fly.

Start your engines when it is all finished. Log on to the console and press CRTL ALT F1.

image

Login with root and blank password. This enables you to set a new password for root.

The vCenter Log Insight Web interface is available at http://log_insight-host/. The HTTPS-based secure Web interface is available at https://log_insight-host/.

image

When you access the vCenter Log Insight Web interface for the first time after the deployment, you must complete the initial configuration steps:

  • set the admin password and optionally a e-mail address.
  • set up a permanent or evaluation license key,
  • type in the e-mail address of the mailbox to receive notifications (some notifications about Log Insight are only send via e-mail notifications),
  • if you want you can participate in the Customer Experience Improvement Program select the thickbox of the send weekly option,
  • save and continue.
  • On the time page setup a NTP server, when none is available you can optionally sync with the ESXi host.
  • save and continue.
  • Setup the SMTP server details.
  • save and continue.
  • You can now setup the optional retrieval of vCenter events/tasks/alerts or send alert notifications to vOPS. (well optional, if you want central management set those options up. Leave out ops if you don’t have this.)
  • save and continue.
  • Set up an optional NFS archival location. You can also add more vmdk’s to your system for online data locations. But you will want to have some archiving in the future. For the evaluation I’m skipping this one.
  • save and continue.
  • Restart to complete the initial setup.

image


After the restart open a browser and viola the vCenter Log Insight home screen is shown. That was a smooth install.

This concludes the first part of the vCenter Log Insight evaluation. In the next part we will handle the following:

What to do next?

We need to configure some hosts to send syslogs to vCenter Log Insight. We can use to provide script configure-esx or we can use PowerCLI to setup a syslog host at the ESXi host advanced settings. We will use Log Insight to query log messages, set up alert notifications, import content packs and more. When I got my lab a bit more setup (I have a little resource issue) I will follow-up in a second post.

-Enjoy for now.

Advertisements

One thought on “Evaluation – VMware vCenter Log Insight – Part one the what, why and installation

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s