To conclude the series on Log Insight system architecture I would like to talk about the life of an event. This post needed to come last so that the relevant system architecture could be discussed first.
I sat in on an interesting conversation recently where the question was raised whether upgrades for products should be done in-place versus via a migration. In this post, I would like to talk about the different upgrade types, discuss typical customer expectations and provide some insight into my opinions on the topic.
The Log Insight agent can be configured to monitor log files within specific directories. It is important to understand how and when the agent detects directories and files in order to ensure that events are monitored and collected properly. In this post, I will discuss the differences between how the agent handles directories versus files.
So I am sure you have heard the term “best practices” before. The phrase literally means the best way to practice/configure/administrate/operate/etc something. The problem with best practices is that what is best for one is often not best for all. To complicate matters, declared best practices are often dependent on a variety of items including environment, requirements, and expertise. People have debated the use of the term “best practices” and many have suggested using the term “recommended practices” instead. The connotation of recommended is that it is the de facto standard given a lack of context. In other words, a recommended practice is the recommended way to configure/administrate/operate/etc something in most cases or in cases where no additional information/requirements/etc are given.
You may be asking why I am bringing this up…
When architecting any syslog solution several things need to be taken into consideration. Outside of requirements, I would like to discuss some of the technical considerations that need to be taken into account.
When architecting a syslog solution, it is important to understand the requirements both from a business and a product perspective. I would like to discuss the different remote syslog architectures that are possible when using vCenter Log Insight.