vRealize Integrations – Log Insight

The Enterprise Hybrid Cloud solution uses VMware vRealize Log Insight for centralised and automated log management, analysing log events from any component that supports syslog forwarding, providing system analytics, aggregation and search capabilities.

The log-forwarding configurations are enhanced with VMware and EMC  (and 3rd party as required) content packs.

Log Insight has a ton of great features and use cases, with a lot of great information available here from @smflanders.

One particularly interesting use case in terms of the EHC solution is the ability to see how the VMware vCenter Server is being accessed by the other components in the EHC solution. I touched on this and the related integration points in an earlier post here.

So many individual products now have integration with vCenter that it may go unnoticed just how much load the vCenter server is under from other components, for example who is accessing vCenter and how often.

The image below is a high level representation of some of the primary components in the EHC solution which are directly integrated with the vCenter server.

vCenter_Connections - Integration Points

As discussed in other posts, the EHC solution, as with all Production environments, requires identifiable service accounts for all interactions and services between the various EHC components.

For example, when a vRA user initiates a VM task such as deploying from a VM Blueprint or destroying a VM, the relevant Task is visible in vCenter, displaying vRA as the source of the request in the ‘identified by’ column, as shown below:

vcenterTasks_app_vra_vcenter

Using the vSphere Content Pack, which ships by default with Log Insight, we can create a view of interactions between EHC components, showing which components are accessing the Cloud vCenter server, how often, and which mode of communication is being used.

InteractiveAnalytics01

As we can see in the screen-grab above from our EHC v3.1 lab, vRealize Automation (app_vra_vcenter) is by far the main consumer/requestor of vCenter information (~2600 events), with vRealize Business (app_vrb_vcenter) the next closest (~600 events).

  • The legend on the upper-right displays the service accounts accessing the vCenter server. The service accounts in use here are displayed in the format of DOMAIN\application_<source>_<target> e.g. ppsilver\app_vra_vcenter.
    • vmw_vc_auth_user
  • The X-axis displays the Count of Events
  • The Y-axis displays the authentication type for the connections
    • vmw_vc_auth_type

From this display you can click into any of the bars and will be directed to all of the related events.

These constraints are configured as highlighted below:

InteractiveAnalytics02

This custom information can easily be saved and exported as a custom dashboard, using the appropriately named ‘Add to Dashboard’ button in the top-right corner of the main page.

MyDashboard01

EHC customers can use this feature to create their own custom EHC Log Insight dashboard, displaying the information most relevant to them.

Some of the other EHC-related Content Packs that can be used are vRealize Operations Manager, vRealize Automation, NSX, vRA, VMAX, VNX, as displayed below.

ContentPacks

The vRealize Automation content pack for Log Insight provides important information across all components of the vRA environment and key dependencies such as vCenter Orchestrator and vCenter Single Sign-On (SSO).

Update 30/11/2017 – vRO Content Pack for vRealize Log Insight

The content pack for vRealize Operations Manager presents and analyses all of the logs that are redirected from a vR Ops instance. The queries and dashboards provided by the content pack can be used to monitor and troubleshoot issues in the vR Ops Manager environment.

In addition to the content pack, vR Ops can be integrated in the following independent ways:

  • vRealize Log Insight can send notification events to vR Ops Manager.
  • The Launch in context menu of vR Ops Manager can display actions related to vRealize Log Insight.

One interesting configuration gotcha when configuring the Log Insight -> vR Ops integration: In order to use an AD user account, the format of the user must be user@domain@ADsource, as shown below:

Integration_vrops

where ppsilver.lab.local is my domain, and PPSilver is the name of the LDAP Import Source in vR Ops, as shown below:

vrops_LDAPimportSource

Product versions referenced in this post:

  • VMware vRealize Log Insight v3.0
  • VMware vCenter v5.5 Update 3a
  • Federation Enterprise Hybrid Cloud v3.1

References:

Official VMware vRealize Log Insight Product Page

VMware vRealize Content Packs

SFlanders.net

Configuring NSX Content Pack for Log Insight via @BenKing84

3 thoughts on “vRealize Integrations – Log Insight

  1. Pingback: vRO Content Pack for vRealize Log Insight | Scamallach

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.