This week I decided to try my hand at the log management tool from VMware, i.e. vRealize Log Insight. We have this tool in our production environment and have to jump into analysis of alerts received from it. Due to lack of knowledge, troubleshooting sometimes becomes very difficult, so I decided to deploy it in my lab and play around with the options.
What is vRealize Log Insight?
vRealize Log Insight is a log management tool that aggregates logs from various systems into one place. The cool aspect of Log Insight is that it supports the collection of logs from VMware infrastructure (i.e. ESXi hosts), from physical infrastructure (i.e. physical servers, physical switches, etc.) and from applications (i.e. the guest operating systems of virtual/physical machines).
With the introduction of vCenter Log Insight (later renamed vRealize Log Insight), VMware joined the already crowded log analytics market. There are several other products on the market, such as Splunk, LogRhythm, Sumo Logic and Loggly, which are used for data center log consolidation and analysis. The advantage of Log Insight is its seamless integration with other VMware products.
What is the advantage of using Log Insight?
Log Insight is used for operational analytics in traditional data center and cloud environments. It has the ability to discover emerging patterns and guide administrators to the root cause of problems.
Log Insight makes it possible to run all sorts of queries and analytics on the data retrieved. Log Insight is not just for vSphere or other VMware products; it can also interact with other products such as Microsoft OS, SQL Server, IIS Server, SharePoint, the .NET CLR, networking/storage products from Cisco (ASA, Nexus), Arista, Brocade, EMC (VNX), NetApp and Synology, and even compute products from VCE and Cisco (UCS), via management packs for these products.
As of now Log Insight can be integrated with:
1: vSphere (ESXi + vCenter)
2: vRealize Automation
3: vRealize Operations
4: vCloud Director
6: Horizon View
Where did Log Insight come from?
As we all know, VMware is known for acquiring small companies and then redesigning and rebranding their products under the VMware name. Log Insight is no exception to this and is a result of VMware's acquisition of Pattern Insight in August 2012.
The current version of Log Insight is 3.3.1 and is available for download as an OVA file from vmware.com.
How does Log Insight work?
Log Insight is deployed as a virtual appliance in vSphere infrastructure. The virtual appliance contains the Log Insight application, installed on a SUSE Linux operating system, and a database. The Log Insight database is a specially designed database that uses something called a "just-in-time schema", which enables it to ingest syslog data from hundreds of syslog agents and store the unstructured data without modifying the database.
The Log Insight appliance provides customizable dashboards, which give a visual representation of what's going on with the infrastructure. A dashboard contains custom graphs of log events coming from different pieces of infrastructure.
If you want to know more about the Log Insight product, I would encourage you to read the following blogs:
1: Log Insight FAQs
2: What's new in Log Insight 3.3
In the next post of this series we will look into the installation and configuration of the Log Insight appliance. Stay tuned!
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing.