A public beta product called vCenter Log Insight can be downloaded and tested. I've downloaded and installed this product in my lab. The install/configure takes at most 5 minutes of your time. The product, currently in public beta, is going to be licensed per host, and you'll need vCenter, which is the central point the Log Insight product connects to (even if the logs get collected directly from ESXi hosts, the assistant needs vCenter to set up the link).
vCenter Log Insight is extensible through what's called Content Packs. Those are community or partner add-ons which allows with During the online demo there was a single content pack present, the default one. But users can easily create and export/import content packs through the product.
vCenter Log Insight was developed by a company called Pattern Insight, acquired by VMware in August 2012. Now, almost one year later, a public release is available for the first time.
vCenter Log Insight – quote from the press release.
Purpose-built for log analytics, VMware vCenter Log Insight delivers automated log management through log aggregation, analytics and search for system monitoring, troubleshooting and root cause analysis. The product consumes unstructured log data from a wide range of IT infrastructure components including applications, firewalls, network devices, operating systems, storage, virtual machines and hosts, and more, to provide enterprise-wide visibility. VMware vCenter Log Insight supports streaming data and real-time queries, and features a just-in-time schema definition that adapts to any data format. Additionally, VMware vCenter Log Insight delivers the performance and scalability required by IT organizations for visualizing and analyzing multi-terabyte datasets.
Optionally, you can also connect to vCenter Operations Manager, which allows you to send alerts to the vCOPS dashboard.
The installation and configuration process is very easy:
- Download and import the OVF file
- Connect your web browser to the appliance and follow the assistant
- Change password, configure NTP, set up the vCenter link…
You get a dashboard like this…
After a couple of minutes, when you switch to the analytics dashboard… (after 5 min of running).
And a screenshot here showing 24h of data (from VMware):
Update: There is no console password when you first log in. You must enter a complex root password. When done, you automatically enable SSH, so you can then log in remotely.
Then, to forward the logs of all of your ESXi hosts, you can use a configuration script that is included in the appliance. You must first connect to the console or remotely via SSH (via PuTTY, for example). There are some examples in the documentation (page 20) for checking whether the ESXi hosts are already sending logs to some locations, or for setting up the ESXi hosts to send those logs to multiple locations. Here is a sample script from the PDF, which configures all ESXi hosts managed by vCenter to send their logs to vCenter Log Insight:
configure-esxi --username 'my-vc-user' --server myvc.mydomain.com --target udp://loginsight.mydomain.com
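When a host already forwards to another collector, the existing target has to be kept when Log Insight is added. The following is an added example, not taken from the PDF or the appliance: it reads the output of `esxcli system syslog config get` and works out a `--loghost` value that keeps every existing target. The host `siem.mydomain.com` and the sample output are constructed, and the default scheme and port used for comparison are assumptions.

```shell
# Added example. Host names and the sample output below are constructed.

# Constructed `esxcli system syslog config get` output from an ESXi host.
sample_config() {
cat <<'EOF'
   Default Rotation Size: 1024
   Default Rotations: 8
   Log Output: /scratch/log
   Log To Unique Subdirectory: false
   Remote Host: udp://siem.mydomain.com:514
EOF
}

# Read that output on stdin; print the comma-separated targets ("" if none).
current_loghosts() {
    sed -n 's/^[[:space:]]*Remote Host:[[:space:]]*//p' |
        sed -e 's/^<none>$//' -e 's/[[:space:]]//g'
}

# Lower-case a target and spell out the defaults so equal targets compare
# equal. Assumption: a bare host means udp://, and udp/tcp default to 514.
normalize() {
    t=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$t" in *://*) ;; *) t="udp://$t" ;; esac
    case "$t" in
        udp://*:*|tcp://*:*) ;;            # port already given
        udp://*|tcp://*) t="$t:514" ;;
    esac
    printf '%s' "$t"
}

# merge_loghost NEW EXISTING: keep every existing target, add NEW once.
merge_loghost() {
    new=$(normalize "$1"); out=
    old_ifs=$IFS; IFS=,
    for h in $2; do
        [ -n "$h" ] || continue
        h=$(normalize "$h")
        [ "$h" = "$new" ] && continue
        out="${out:+$out,}$h"
    done
    IFS=$old_ifs
    printf '%s' "${out:+$out,}$new"
}

# Print (do not run) the commands for the ESXi host the sample came from.
hosts=$(sample_config | current_loghosts)
echo "esxcli system syslog config set --loghost='$(merge_loghost udp://loginsight.mydomain.com "$hosts")'"
echo "esxcli system syslog reload"
```

Syslog over `udp://` is sent unencrypted and without delivery confirmation, so review the printed value before applying it on a host.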
Useful links:
- Article by John Herlocker
- Product Page (with some videos)
- Getting Started Guide
- vCenter Log Insight 1.0 Installation and Administration Guide
- vCenter Log Insight 1.0 User Guide
- vCenter Log Insight Community Page
Update: The vCenter Log Insight product is GA now. The first release, 1.0.4, is 573 Mb in size.
Jay Patel says
You need to point your ESXi hosts to forward their logs to Log Insight via syslog to get even more value. Tip: take a look at the included configure-esxi script on the virtual appliance.
Vladan SEGET says
Hi Jay,
Thanks for pointing that out. I just found it in the Installation and administration guide (from p.20 forward). Very useful.