Log Insight

This page contains the most relevant information for VMware Log Insight!

 

Official links

Blog posts

Community

SFlanders

Twitter

This section contains protips that I posted on Twitter. Please note I started this page well after I had started posting protips on Twitter. As such, some protips may be missing. If a protip has become obsolete, I have crossed it out below.

Shortcuts

@smflanders #protip:

  • General
    • #protip: The #LogInsight virtual appliance default root password is empty and SSH is disabled until the password has been set on the console
    • #protip: 4 CPU @ >=2.0GHz, 8GB RAM, and 500 IOPS is the minimum recommended production configuration for #LogInsight
    • #protip: using a FQDN instead of an IP is always recommended in #LogInsight (e.g. cluster config, client agent config, and LB config)
    • #protip: With #LogInsight in scale-out (cluster) use an external LB and point all ingestion traffic to the LB (all nodes should be in pool)
    • #protip: ensure each node in a #LogInsight cluster is configured with a static IP address, DHCP is not supported for production environments
    • #protip: #LogInsight 2.0 supports ingestion over syslog (TCP/UDP/514, TCP[SSL]/1514/6514) and the ingestion API (TCP/9000)
    • #protip: time is very important between nodes in a #LogInsight cluster; be sure to validate time configuration in the administration section
    • #protip a full vDisk for #LogInsight retention is normal, logs are rotated on a FIFO basis and new vDisks can be added to increase retention
    • #protip: After configuring the #LogInsight integrated load balancer add the VIP to DNS and send all query and ingestion traffic to the FQDN.
    • #protip: A #LogInsight cluster is dependent on reliable and accurate DNS and NTP.
    • #protip: A minimum of two DNS and four NTP servers should be configured on every #LogInsight node (and any other system you run).
    • #protip: To remove #vROps integration from #LogInsight, uncheck both checkboxes and select Save
  • Upgrade
    • #protip: Before upgrading #LogInsight take a backup/snapshot of every node
    • #protip: When upgrading a #LogInsight cluster you must upgrade the master first
    • #protip: To upgrade #LogInsight workers, on the master go to the Clusters page under Administration, select maintenance mode then upgrade
    • #protip: #LogInsight workers must be upgraded one at a time
  • 2.0
    • #protip: #LogInsight 2.0 is 6x faster than the competition, features 8x more ingestion than 1.x and is available now. Deploy/Upgrade today!
    • #protip: upgrading to #LogInsight 2.0 requires version 1.5 GA or newer. If running an older version, upgrade to 1.5 first then 2.0.
    • #protip: #LogInsight 2.0 supports up to a 6-node cluster (1 master / 5 workers) supporting up to 45K EPS and 12TB of capacity (2TB per node)
    • #protip: in #LogInsight 2.0 you can change/disable the session timeout through the UI under Administration > General pic.twitter.com/bYSivnPif3
  • 2.5
    • #protip: #LogInsight 2.5 requires a minimum of three nodes in order to provide ingestion HA
    • #protip: #LogInsight 2.5 requires worker to worker communication. See the security guide for details
    • #protip: In #LogInsight 2.5 after adding a worker to a standalone node the integrated load balancer can be configured from the Cluster page
    • #protip: A #LogInsight 2.5 cluster requires two new ports for node-to-node communication: TCP/7000, TCP/9042
    • #protip: In #LogInsight 2.5, content packs, including updated ones, can be downloaded from the in-product marketplace
    • #protip: When integrating #LogInsight 2.5 with #vROps 6.0 you must use a local vR Ops account, AD accounts will not work.
  • Agent
    • #protip: The #LogInsight Windows agent can be downloaded directly from the UI under Administration > Agents (or from http://my.vmware.com )
    • #protip: the #LogInsight@Windows agent will only collect changes to files it monitors unless you add a new file then all data will be sent
    • #protip: You can configure where a #LogInsight #Linux agent sends its logs during installation: SERVERHOST=<LI> rpm -ivh <package>
  • Content Packs
  • Queries
  • Cluster
    • #protip: to create a #LogInsight 2.0 cluster deploy a new node select join existing deployment in config wizard and enter master node’s FQDN
    • #protip: in a #LogInsight cluster, the worker’s UI authenticates against users with the Admin User role on the master (ie no new admin user)
    • #protip: the only reason to log into a #LogInsight worker’s UI is to install a custom web SSL certificate (cannot be pushed by master today)
    • #protip: The #LogInsight integrated load balancer requires that all nodes and the specified VIP be in the same layer 2 network
    • #protip: Using the ingestion API over SSL with a #LogInsight cluster requires changing the SSL certificate on all nodes to be the same.

YouTube Videos

SFlanders

#vBrownBag