Recently got chance to deploy VMware vRealize Log Insight and was able to capture some screenshots while proceeding further with the deployment so thought of dedicating an article talking about the installation/configuration and to provide quick overview about vRealize Log Insight.
vRealize Log Insight helps us to deliver real-time and archive log management for VMware environments. VRealize Log Insight can analyze terabytes of logs, discover structure in unstructured data, and deliver enterprise-wide visibility using a modern Web interface.
Data Ingested by VMware vRealize Log Insight is available for search within seconds and the historical data can also be searched, vRealize Log Insight also provides support for keyword queries, using vRealize Log Insight providing root cause analysis become much easier.
Another important feature that has been made available with the latest releases of vRealize Log Insight is Intelligent Grouping which make use of new machine learning technology by scanning the incoming unstructured data and group messages together by problem type which gives us the ability to understand whether the issue is related to Physical, Virtual or Cloud Enviornment.
Before we proceed further with the deployment of vRealize Log Insight appliance we need to follow some prerequisites including security requirements wherein we need to ensure that we are installing vRealize Log Insight in a trusted network and saving the log insight support bundle in a secure location.
Next prerequisite on the list is to follow product compatibility requirements wherein we make use of vSphere client to deploy vRealize Log Insight on ESXi host 5.0 or later, we can deploy vRealize Log Insight with minimum requirements (8GB Memory, 4vCPU) or we can proceed further with other configurations depending upon the underlying vSphere environment from where you are planning to collect the logs from, during this deployment I proceeded further with Large configuration (16GB RAM, 32 vCPU,)
There are various Deployment Models available for vRealize Log Insight including Single Node, Single Cluster or Cluster with Forwarders, this entire deployment is regarding the Single Node deployment wherein I deployed Single Node for vRealize Log Insight and configured the same with vCenter Server.
Single Node is the basic vRealize Log Insight configuration that includes a single node. The log sources for Single Node deployment are applications, OS logs, virtual machine logs, hosts, the vCenter Server, virtual or physical switches and routers, storage hardware. We can also make use of vRealize Log Insight Integrated Load Balancer a.k.a ILB for receiving ingestion traffic which helps us simplifies the configuration and provide us room to add extra nodes in near future. Another deployment option available is Single Cluster configuration which includes 3 -12 nodes using vRealize Integrated Load Balancer (helps us in balancing traffic across nodes in cluster).
Another deployment option available is Cluster with Forwarders wherein VMware vRealize Log Insight deployment has cluster with forwarders which includes indexing and storage and query cluster which contains minimum of 3 nodes using integrated load balancer. The design can be extended by adding multiple forward clusters configured to forward all its log messages to main cluster.
Now that we have seen the various deployment options available let’s proceed further with single node deployment option which is quite straightforward, wherein we need to download the appliance from VMware and proceed further with OVF deployment by providing some details including the name and location, resource, accepting EULA, selecting the configuration type (Extra Small, Small, Medium and Large). Each of the configuration option selected has its own CPU and Memory requirements and should be dealt with extra care considering the environment.
For Example, if we are planning to do a demo/POC for vRealize Log Insight we can proceed further with extra small configuration. At the same time if you are planning to deploy vRealize Log Insight in your production environment wherein the number of events per second is more than 5000 Large configuration option should be selected.
After specifying the details and selecting proper storage and network for your vRealize Log Insight appliance we can proceed further with customization wherein we specify the details including, DNS, Default Gateway, IP address and Subnet Mask.
After completing the deployment and before powering on you vRealize Log Insight ensure proper DNS records are created vRealize Log Insight looks for Name Resolution to be in place.
Once the vRealize Log Insight is powered on and successfully configured it’s time to log in to the console and do the remaining configuration wherein we provide details including admin password, NTP, License.
It’s ready to ingest data wherein we can proceed further with vSphere integration by specifying the service account username and password, this is another prerequisite that we need to take care before proceeding further with the deployment, ensure the service account is in place.
Or we can also download and install collection agent to send files and event logs from Linux or Windows to Log Insight Server, we can also make use of Syslog which can supply the data to vRealize log Insight.
BDRSuite offers cost-effective VMware Backup Solutions to backup and protect VMs on ESXi & vCenter. Backup starts at $1.80 vm/month.
Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.