Skip to content

Tag: syslog

12 Reasons Why You Should Use The Log Insight Agent

When the Log Insight Windows agent was released in version 2.0, the decision to use the agent was easy because Windows does not natively support syslog. Given the release of the Log Insight Linux agent, I have been asked a few times why the agent should be used over already available syslog agents like Rsyslog and Syslog-NG for sending events to a remote destination like Log Insight. I would like to cover 12 reasons in this post.
li-agent

vRA Remote Logging

My post on vCAC logging has been quite popular since its release. With VMware’s release of new and updated management products at the end of 2014, some changes to vCAC, now vRA, exist. In order to avoid confusion by attempting to update the older post, I decided it was time for a new post. Also, with the release of the Log Insight Linux agent, it is a good time to show end-to-end remote logging for vRA when leveraging the Log Insight agents.
Unfortunately, vRA still does not support setting a remote syslog destination to forward all vRA logs within the GUI yet. Like last time, I would like to cover where all the log files are located and more importantly how you can forward them to a remote syslog destination like Log Insight.
vRA Product Icon Mac_0

Log Insight Cluster: Data Not Balanced Across Nodes

In Log Insight 2.0 a scale-out feature was introduced. The best practice when using scale-out is to configure an external load balancer in front of the cluster and send all ingestion traffic (i.e. syslog and ingestion API) to the load balancer instead of directly to a node. The reason for this best practice is to assist with balancing data across nodes and also to provide ingestion high availability. In this post, I would like to discuss why data may not be balanced across a Log Insight cluster whether a load balancer is used or not.
unbalanced_scale

Log Insight: Importing Existing Logs

One question I get over and over again is can you / how do you import existing logs into Log Insight? The common use-cases are:

  • Support bundle – someone has a support bundle and wants to analyze the logs
  • RCA – an existing set of logs exist and analysis to determine the root cause of an issue is desired
  • Analysis – a log analysis tool does / did not exist and analysis of previous logs is desired

So, how to you import existing logs into Log Insight?
128

ESXi syslog – A general system error occurred: Internal error

A long time ago, I talked about an internal error messages I received on ESXi. The workaround was to reboot the ESXi host, which is not the best outcome in my opinion. Recently, I hit this issue again, but this time specific to trying to configure remote syslog. I saw this issue will configuring vSphere integration on Log Insight and would like walk through the steps I took to address the issue.
vsphere