VMware vCenter Log Insight Beta
There’s a new log analyzer offered by VMware called vCenter Log Insight. Only the beta is available right now, but they have even released the expected pricing model ($200 per Operating System) so the first release should be right around the corner.
In this article I’ll go through the setup of the beta and some of the features that come along with it. (Download the Beta here.) This will allow you to download an OVA file that you can then deploy as a virtual appliance from vCenter. There is a Getting Started guide on this same site that will help you with the initial install.
Installing vCenter Log Insight
The virtual appliance starts out with 2CPUs, 8GB of RAM, and 140GB of memory. However, all of these options are able to be modified. As of now the log size is not limited by a time period nor by a certain “level” of license.
The only thing that will limit the size of your log files is physical storage within your environment. If you have enough storage and run out of space on your Log Insight virtual appliance you can always add another VMDK (Hard Drive) to your virtual machine.
Once it’s up it will present you with a console screen with instructions on either how to access the web UI or get to the CLI by pressing Ctrl + Alt + F1. Open a browser and go to the IP address for the Web UI and it will present you with a Welcome screen to set up some of the initial configuration. You can set the admin password here, set the license key, set up email notifications, set up integration with vCenter and vCOPS, setup archiving and then it will prompt you to restart.
Once it restarts you will see this screen:
As you can see I have no results yet because I’ve just installed it and don’t get many errors in my small environment.
Next, the Getting Started guide walks us through adding ESXi hosts using a script. We need to log into the CLI of the virtual appliance to do this and then run the configure-esxi script. After running these scripts my graphs are a little more populated.
As you can see from the pictures there are Dashboards: Overview, ESX/ESXi Hosts, SCSI/iSCSI and NFS, vCenter Servers, and Events, Tasks and Alarms. You can however click on Interactive Analytics which is where you can enter queries and it will search for events.
vCenter Log Insight also has what they call a content pack. The default content pack that comes with vCenter Log Insight contains saved queries, field definitions, alerts and dashboards. However, with this idea of content packs, third parties are welcomed to use the API to add their own content packs for hardware or software that is connected to the vSphere environment.
vCenter Log Insight could be a game changer when it comes to log aggregation software. The price point is good, better than many (yes, I’m thinking about Splunk). They’ve tried to make it as easy as possible to enter queries without having to practically learn a new language by enabling a lot of highlight and copy-paste functions. I would suggest giving the beta a try. Maybe even test out Splunk and Log Insight at the same time to see which one you like better and which one will allow you to monitor all of the servers you’d like to without your CFO laughing in your face.