When the Log Insight Windows agent was released in version 2.0, the decision to use the agent was easy because Windows does not natively support syslog. Given the release of the Log Insight Linux agent, I have been asked a few times why the agent should be used over already available syslog agents like Rsyslog and Syslog-NG for sending events to a remote destination like Log Insight. I would like to cover 12 reasons in this post.
My post on vCAC logging has been quite popular since its release. With VMware’s release of new and updated management products at the end of 2014, some changes to vCAC, now vRA, exist. In order to avoid confusion by attempting to update the older post, I decided it was time for a new post. Also, with the release of the Log Insight Linux agent, it is a good time to show end-to-end remote logging for vRA when leveraging the Log Insight agents.
Unfortunately, vRA still does not support setting a remote syslog destination to forward all vRA logs within the GUI. Like last time, I would like to cover where all the log files are located and, more importantly, how you can forward them to a remote syslog destination like Log Insight.
In Log Insight 2.0 a scale-out feature was introduced. The best practice when using scale-out is to configure an external load balancer in front of the cluster and send all ingestion traffic (i.e. syslog and ingestion API) to the load balancer instead of directly to a node. The reason for this best practice is to assist with balancing data across nodes and also to provide ingestion high availability. In this post, I would like to discuss why data may not be balanced across a Log Insight cluster whether a load balancer is used or not.
One question I get over and over again is can you / how do you import existing logs into Log Insight? The common use-cases are:
- Support bundle – someone has a support bundle and wants to analyze the logs
- RCA – an existing set of logs exists and analysis to determine the root cause of an issue is desired
- Analysis – a log analysis tool does / did not exist and analysis of previous logs is desired
So, how do you import existing logs into Log Insight?
This week, I would like to talk about the Windows agent available in Log Insight 2.0. First up, I would like to cover how to deploy the Windows agent on your Windows VMs. Please note the Windows agent supports Windows desktop versions Vista and newer and server versions 2008 and newer.
There appears to be some confusion on Log Insight’s support of multiline messages that I would like to clear up. The title gives it away, but I would like to discuss the details!
A long time ago, I talked about an internal error message I received on ESXi. The workaround was to reboot the ESXi host, which is not the best outcome in my opinion. Recently, I hit this issue again, but this time specific to trying to configure remote syslog. I saw this issue while configuring vSphere integration on Log Insight and would like to walk through the steps I took to address the issue.
I hit an interesting issue the other day when attempting to reconfigure remote syslog on some ESXi hosts. What followed was an exercise in troubleshooting remote syslog on an ESXi host and I wanted to share some tips.
One of the great features of Log Insight is its tight integration with other VMware products. One of these integrations is with vSphere. I have talked about vSphere integration in the past; however, I would like to do so in more detail to clear up some questions I have received lately.
As of late, I have needed to generate syslog configurations to monitor log files multiple times. A great example would be generating the syslog configurations for vCAC log files. To save time, I created a quick script to do the work for me. I thought others may find this valuable and wanted to share.