Configuring vCenter Log Insight

Once you deploy vCenter Log Insight you need to configure it for use. While the initial configuration is straightforward, I figured I would walk through the process and more importantly the considerations.

Navigate to the IP address or hostname of Log Insight in a web browser and you will be presented with the product’s initial configuration wizard.

IMPORTANT: If the console of the virtual appliance does not list an IP or hostname (e.g. http:///) then you will need to fix the DHCP issue or configure a static IP address by powering down the virtual appliance and configuring vApp options.

IMPORTANT: Supported browsers are:

  • Mozilla Firefox 10.x, 19.x, 20.x, and 21.0
  • Google Chrome 27.x, 26.x, and 25.x
  • Safari 6.0
  • Internet Explorer 9.x and 10.x

NOTE: The product ships with a self-signed certificate and you will be redirected to a connection over SSL. As such, you will need to accept the security warning

NOTE: Every setting in the initial configuration wizard can be modified after the fact from the Administration page of the product.

First up, we need to configuration the admin user credentials. ‘admin’ is the default user for the web UI. The only required fields are the password fields.

NOTE: Passwords in the web UI are not checked for complexity and cannot be set to expire.

NOTE: The email field is not used for anything so configuring it has no effect

Next, we need to accept the license key. By default, the public beta comes with a license key build-in.

IMPORTANT: If you happen to delete the license key from the product, you can re-enter it by going to http://<hostname>/admin/license

The General Configuration section is very important. First, it allows you to configure where system notification emails will be sent. Second, it allows you to participate in the customer experience improvement program.

WARNING: System notification emails are used to send information about important system events. This information is not readily displayed in the web UI and it is highly recommended that you configure this field.

NOTE: The customer experience improvement program sends anonymous and encrypted usage information to VMware. You can view the information that will be sent by looking in the /storage/var/loginsight/feedback directory on the virtual appliance. More information is available in the Installation and Administrative Guide.

Time configuration is probably the most important item that needs to be configured. Without proper time configuration troubleshooting an issue can be challenging.

IMPORTANT: If using NTP servers, be sure to validate that they are working by using the Test button (be patient the Test button can take awhile). Log Insight does not validate the NTP servers specified or confirm that time can be collected from the sources specified.

By default, the virtual appliance is configured to use itself as an SMTP server. If you wish to receive system notification emails or created alerts then you should modify these settings and ensure, by using the Send Test Email option, that you can receive emails from the Log Insight.
VMware Integration is one of the best features of the Log Insight product. Today, Log Insight supports integration with both vCenter Server, to collect tasks, events and alarms, and vCenter Operations, to send alarms and enable launch in context between the products.

IMPORTANT: vCenter Server integration only collects tasks, events, and alarms. It does not configure vCenter Server or the syslog collector if available to send syslog messages to Log Insight nor does it configure ESX/ESXi hosts connected to the vCenter Server instance to send log messages to Log Insight (I will cover this in a later post).

NOTE: For vCenter Server integration, read-only permissions are sufficient to perform all operations as long as the user specific has read-only permissions propagated to all objects.

NOTE: For vCenter Operations Manager integration, user permissions are sufficient to perform all operations.

NOTE: Multiple vCenter Server instance can be connected to a single Log Insight instance, but only a single vCenter Operations Manager instance can be configured per Log Insight instance.

Storage configuration allows for a NFS v3 mount point to be specified that can be used to store archived logs messages. This is to allow for extended retention of log messages on (cheaper) storage.

NOTE: Log messages are archived as soon as possible, but retained on the virtual appliance until local space becomes depleted.

IMPORTANT: Archived log messages that have since be removed from the local disk of the virtual appliance cannot be queried against. If you wish to query over archived data you must import the data (more on this in a later post).
WARNING: Log Insight does not manage the NFS mount point and simply attempts to write archived data. If the mount becomes full, Log Insight will not attempt to remove old archived information.

Finally, we must restart the Log Insight process to put the changes into effect.

NOTE: This is a restart of the Log Insight process and not a restart of the virtual machine.

This process should take less than one minute.

Once complete, we are ready to use the product. If no devices are configured to send their log messages to Log Insight and vCenter Server integration was not configured then we are presented with the following page.
Once we configure a device to send logs to Log Insight or enable vCenter Server integration, the web UI will become populated with data.

As you can see, configuring vCenter Log Insight is easy! Next, I will show you how to configure devices to send their logs to Log Insight.

© 2013 – 2021, Steve Flanders. All rights reserved.

2 comments on “Configuring vCenter Log Insight

Haim Chibotero says:

what are the recommend settings and alerts to set once the server is up and running ? and how to configure them ?

If you configured everything in the initial configuration wizard then no other configuration is necessary (note this applies to version 1.0 GA, in 1.5 GA you need to configure vSphere integration after the fact). As for alerts, the answer is it depends. Go to the Interactive Analytics page and from the menu drop-down next to the Search button select Manage Alerts. Look over the vSphere alerts provided in the vSphere content pack and enable those that apply to your environment (FYI the content pack is significantly enhanced in version 1.5, but you can download the update for 1.0 from VMware Solution Exchange). Of all the alerts, the one regarding when ESXi hosts have stopped logging is the most valuable due to the known bug in certain version of ESXi 5.0 and 5.1. I hope this helps!

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top