SlideShare a Scribd company logo

Log Analytics by VMware Log Insight

Download as PPTX, PDF
K
Kiss Tibor

The document discusses deploying and configuring VMware Log Insight, integrating it with other VMware products like vSphere and vRealize Operation Manager, using and managing Log Insight features such as machine learning and archiving log data, and using content packs to analyze specific application logs from software like IIS and Cisco UCS. Log Insight provides log management and analytics capabilities through centralized log collection, analysis, and archiving across virtual, cloud, and physical environments.

Technology
1 of 25
Log management and analytics by VMware Log Insight Kiss Tibor vExpert 17/Cloud @kisstib0r kisstibor.info
Agenda 1 Deploy and configure 2 Integration with other VMware Products 3 Using and Managing vRealize Log Insight 4 Content packs
Requirements Analyze • Can analyze any unstructured data, configuration etc… • Automatically identifies structures in the data then uses machine learning to group data Scale • Central, scale out store (no-SQL) for all collceted data • Archiving SDDC • Queries, alerts, fields, charts in the vSphere Content Pack • Ability to search and export Logs entries (even after vCenter has rolled over historical logs) Integration • Root Cause Analysis
Deploy and Configure – Sizing https://docs.vmware.com/en/vRealize-Log-Insight/4.5/com.vmware.log-insight.getting-started.doc/GUID-284FC5F4-B832-47A7-912E-D407A760CAE4.html • Single deployment: Typical OVF deploy process, nothing special, except one -> For large installations, you must upgrade the virtual hardware version of the vRealize Log Insight virtual machine. • Cluster deployment: Use medium configuration, or larger, for the master and worker nodes in a vRealize Log Insight cluster. The number of events per second increases linearly with the number of nodes. Two nodes cluster not supported!!! • Each ESXi host sends up to 10 messages per second with an average message size of 170 bytes/message. This is roughly equivalent to 150MB/day/host. • If you want to use the Extra Small version of the appliance on your laptop, but the laptop does not have enough memory, you can reduce the memory size to 2GB. http://www.vmware.com/go/loginsight/calculator
Deploy and Configure – Examples and advices from real life 1. Install one medium size configurtaion appliance at first 2. Choose different IP address that you want to use for Cluster (Eg.: 10.10.1.11) 3. Use naming conventions (Eg.: SRV-LogNodeW-01) 4. Master and Worker Node(s) runs on different DS 5. Thick Provision Eager Zeroed for performance 6. DO NOT click Configure vSphere Integration yet!
Deploy and Configure – Examples and advices from real life The sum of Syslog Events and API Events. 1. Go Admin page 2. Jump to Administration / Management / Cluster 3. Create VIP (Eg.: 10.10.1.10) a) Easy setup (Integrated Load Balancer) b) You can decide later beside to cluster environment 4. Create „A” DNS record for VIP (Eg.: logs.mydomain.loc) 5. Use VIP FQDN for setups (Eg.: ESXi hosts log settings) Create new Virtual IP
Integration with other VMware Products
Integration with other VMware Products – vSphere 1. Create new Rule / Permission in vCenter a) You must configure the permission on the top-level folder within the vCenter Server inventory, and verify that the Propagate to children check box is selected 2. Create new dedicated service user for Log Insight 3. Assign rule to dedicated service user (use global permission) 4. Add vCenter server(s) to VMware Log Insight 5. Test connection 6. Save settings Level of Integration Required Privileges Events, tasks, and alarms collection System > View System > View is a system-defined privilege. When you add a custom role and do not assign any privileges to it, the role is created as a Read Only role with three system- defined privileges: System > Anonymous, System > View, and System > Read. Syslog configuration on ESXi hosts Host > Configuration > Change settings Host > Configuration > Network configuration Host > Configuration > Advanced Settings Host > Configuration > Security profile and firewall
Integration with other VMware Products – vSphere Check the value of „Syslog.global.logHost” under HOST / Manage / Settings / Advanced System Settings You can see your VIP FQDN address
Integration with other VMware Products – vRealize Operation Manager 1. Create service accont in vROPs (U can use local user) 2. Fill VMware Log Insight Adapter instance in vROPs 3. Test and Save configuration 1. In Log Insight go Administration / Integration / vRealize Operation 2. Add host name or IP, User and Password 3. Enable alerts integration 1. Log Insight user alerts can optionally be sent to vRealize Operations Manager 4. Enable launch in context a) Launch in context allows vRealize Operations Manager to open Log Insight and query for selected objects 5. Test and Save settings
Integration with other VMware Products – vRealize Operation Manager Now, You can see your logs in vRops
Integration with other VMware Products – vRealize Operation Manager • Select one VM in vROPs (MS SQL) and click „Logs” tab • You will see logs from VM • But not only from VM’s level • Now You are able to check state of MS SQL Tr. Log backup job in vROPs Yes! U can do it! DEMO-VM DEMO-VM What?
Integration with other VMware Products – vRealize Operation Manager https://kisstibor.info/2017/10/24/vrealize-log-insight-alert-integrate-with-operation-manager/ Veeam Backup Server Veeam Log folder
Integration with other VMware Products – vRealize Operation Manager https://kisstibor.info/2017/10/24/vrealize-log-insight-alert-integrate-with-operation-manager/
Using and Managing vRealize Log Insight – Who Snapshot, What VM?
Using and Managing vRealize Log Insight – Who Snapshot, What VM? Server name and User who created the snapshot
Using and Managing vRealize Log Insight – Who Snapshot, What VM?
Using and Managing vRealize Log Insight – F5 traffic information How many connections from IP addresses
Using and Managing vRealize Log Insight – Machine Learning Intelligent grouping scans incoming unstructured data and quickly groups messages by problem type
Using and Managing vRealize Log Insight – Expanding Virtual Machine Resources 2 TB VMDK 1 TB VMDK Add storage • Power off the vRealize Log Insight virtual machine • Add virtual disk • As many disks as needed can be added to the vRealize Log Insight virtual appliance, up to 4 TB (plus the OS drive) of total addressable storage • When the vRealize Log Insight virtual appliance is powered on again, the virtual machine discovers the new virtual disk and automatically adds it to the default data volume 0,5 TB VMDK Data Volume OS VMDK =/= 4TB
Using and Managing vRealize Log Insight – Archiving Log Data Data volume DD2500 NFS share Log InsightSources
Content Packs
Content Packs – IIS • Agent must be installed on the server • Change One log file per: Server • IIS content pack uses logs in W3C format • Create new IIS specific agent group
Content Packs – Cisco UCS https://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-manager/110265-setup-syslog-for-ucs.html SLOT 1 SLOT 5 SLOT 3 SLOT 7 SLOT 2 SLOT 6 SLOT 4 SLOT 8 ! UCS 5108 OK FAIL OK FAIL OK FAIL OK FAIL ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3
Log Analytics by VMware Log Insight

Recommended

VMware Log Insight
VMware Log Insight VMware Log Insight
VMware Log Insight Iwan Rahabok
 
Active Directory
Active DirectoryActive Directory
Active DirectoryHameda Hurmat
 
how to install VMware
how to install VMwarehow to install VMware
how to install VMwarertchandu
 
Introduction of android treble
Introduction of android trebleIntroduction of android treble
Introduction of android trebleBin Yang
 
EMC Vnx master-presentation
EMC Vnx master-presentationEMC Vnx master-presentation
EMC Vnx master-presentationsolarisyougood
 
Docker Networking: Control plane and Data plane
Docker Networking: Control plane and Data planeDocker Networking: Control plane and Data plane
Docker Networking: Control plane and Data planeDocker, Inc.
 
Active directory domain service
Active directory domain serviceActive directory domain service
Active directory domain serviceFestus Oriaku
 
IBM Spectrum Scale Authentication for Protocols
IBM Spectrum Scale Authentication for ProtocolsIBM Spectrum Scale Authentication for Protocols
IBM Spectrum Scale Authentication for ProtocolsSandeep Patil
 

Recommended

VMware Log Insight
VMware Log Insight VMware Log Insight
VMware Log Insight Iwan Rahabok
 
Active Directory
Active DirectoryActive Directory
Active DirectoryHameda Hurmat
 
how to install VMware
how to install VMwarehow to install VMware
how to install VMwarertchandu
 
Introduction of android treble
Introduction of android trebleIntroduction of android treble
Introduction of android trebleBin Yang
 
EMC Vnx master-presentation
EMC Vnx master-presentationEMC Vnx master-presentation
EMC Vnx master-presentationsolarisyougood
 
Docker Networking: Control plane and Data plane
Docker Networking: Control plane and Data planeDocker Networking: Control plane and Data plane
Docker Networking: Control plane and Data planeDocker, Inc.
 
Active directory domain service
Active directory domain serviceActive directory domain service
Active directory domain serviceFestus Oriaku
 
IBM Spectrum Scale Authentication for Protocols
IBM Spectrum Scale Authentication for ProtocolsIBM Spectrum Scale Authentication for Protocols
IBM Spectrum Scale Authentication for ProtocolsSandeep Patil
 
Embedded Hypervisor for ARM
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARMNational Cheng Kung University
 
Exchange server.pptx
Exchange server.pptxExchange server.pptx
Exchange server.pptxVignesh kumar
 
IBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep DiveIBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep DiveShradha Nayak Thakare
 
Active directory and application
Active directory and applicationActive directory and application
Active directory and applicationaminpathan11
 
Windows Server 2019 -InspireTech 2019
Windows Server 2019 -InspireTech 2019Windows Server 2019 -InspireTech 2019
Windows Server 2019 -InspireTech 2019Diana Carolina Torres Viasus
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directorythebigredhemi
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Neeraj Shrimali
 
Gpfs introandsetup
Gpfs introandsetupGpfs introandsetup
Gpfs introandsetupasihan
 
Store front 1.2 構築&操作ガイド [basic]
Store front 1.2 構築&操作ガイド [basic]Store front 1.2 構築&操作ガイド [basic]
Store front 1.2 構築&操作ガイド [basic]Citrix Systems Japan
 
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.22017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2Rui Miguel Feio
 
VMware vSphere
VMware vSphereVMware vSphere
VMware vSphere零壹科技股份有限公司
 
Ha cluster with openSUSE Leap
Ha cluster with openSUSE LeapHa cluster with openSUSE Leap
Ha cluster with openSUSE Leapmedwinz
 
Comparative Analysis of Windows and Linux System
Comparative Analysis of Windows and Linux SystemComparative Analysis of Windows and Linux System
Comparative Analysis of Windows and Linux SystemKazi Emad
 
Mariadb une base de données NewSQL
Mariadb une base de données NewSQLMariadb une base de données NewSQL
Mariadb une base de données NewSQLChristophe Villeneuve
 
XDP in Practice: DDoS Mitigation @Cloudflare
XDP in Practice: DDoS Mitigation @CloudflareXDP in Practice: DDoS Mitigation @Cloudflare
XDP in Practice: DDoS Mitigation @CloudflareC4Media
 
Airtel
AirtelAirtel
AirtelNadeem Ahmad
 
High availability virtualization with proxmox
High availability virtualization with proxmoxHigh availability virtualization with proxmox
High availability virtualization with proxmoxOriol Izquierdo Vibalda
 
virtualization (Hyper-V)
virtualization (Hyper-V)virtualization (Hyper-V)
virtualization (Hyper-V)Mohamed Hesham
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin TipsGabriella Davis
 
Quick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOQuick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOChris Simmonds
 
Pvs slide
Pvs slidePvs slide
Pvs slideMohit Gupta
 
vRealize Operation 7.5 What's new
vRealize Operation 7.5 What's newvRealize Operation 7.5 What's new
vRealize Operation 7.5 What's newKiss Tibor
 

More Related Content

What's hot

Exchange server.pptx
Exchange server.pptxExchange server.pptx
Exchange server.pptxVignesh kumar
 
IBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep DiveIBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep DiveShradha Nayak Thakare
 
Active directory and application
Active directory and applicationActive directory and application
Active directory and applicationaminpathan11
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directorythebigredhemi
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Neeraj Shrimali
 
Gpfs introandsetup
Gpfs introandsetupGpfs introandsetup
Gpfs introandsetupasihan
 
Store front 1.2 構築&操作ガイド [basic]
Store front 1.2 構築&操作ガイド [basic]Store front 1.2 構築&操作ガイド [basic]
Store front 1.2 構築&操作ガイド [basic]Citrix Systems Japan
 
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.22017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2Rui Miguel Feio
 
Ha cluster with openSUSE Leap
Ha cluster with openSUSE LeapHa cluster with openSUSE Leap
Ha cluster with openSUSE Leapmedwinz
 
Comparative Analysis of Windows and Linux System
Comparative Analysis of Windows and Linux SystemComparative Analysis of Windows and Linux System
Comparative Analysis of Windows and Linux SystemKazi Emad
 
XDP in Practice: DDoS Mitigation @Cloudflare
XDP in Practice: DDoS Mitigation @CloudflareXDP in Practice: DDoS Mitigation @Cloudflare
XDP in Practice: DDoS Mitigation @CloudflareC4Media
 
High availability virtualization with proxmox
High availability virtualization with proxmoxHigh availability virtualization with proxmox
High availability virtualization with proxmoxOriol Izquierdo Vibalda
 
virtualization (Hyper-V)
virtualization (Hyper-V)virtualization (Hyper-V)
virtualization (Hyper-V)Mohamed Hesham
 
Quick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOQuick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOChris Simmonds
 

What's hot (20)

Embedded Hypervisor for ARM
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARM
 
Exchange server.pptx
Exchange server.pptxExchange server.pptx
Exchange server.pptx
 
IBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep DiveIBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep Dive
 
Active directory and application
Active directory and applicationActive directory and application
Active directory and application
 
Windows Server 2019 -InspireTech 2019
Windows Server 2019 -InspireTech 2019Windows Server 2019 -InspireTech 2019
Windows Server 2019 -InspireTech 2019
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directory
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup.
 
Gpfs introandsetup
Gpfs introandsetupGpfs introandsetup
Gpfs introandsetup
 
Store front 1.2 構築&操作ガイド [basic]
Store front 1.2 構築&操作ガイド [basic]Store front 1.2 構築&操作ガイド [basic]
Store front 1.2 構築&操作ガイド [basic]
 
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.22017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
 
VMware vSphere
VMware vSphereVMware vSphere
VMware vSphere
 
Ha cluster with openSUSE Leap
Ha cluster with openSUSE LeapHa cluster with openSUSE Leap
Ha cluster with openSUSE Leap
 
Comparative Analysis of Windows and Linux System
Comparative Analysis of Windows and Linux SystemComparative Analysis of Windows and Linux System
Comparative Analysis of Windows and Linux System
 
Mariadb une base de données NewSQL
Mariadb une base de données NewSQLMariadb une base de données NewSQL
Mariadb une base de données NewSQL
 
XDP in Practice: DDoS Mitigation @Cloudflare
XDP in Practice: DDoS Mitigation @CloudflareXDP in Practice: DDoS Mitigation @Cloudflare
XDP in Practice: DDoS Mitigation @Cloudflare
 
Airtel
AirtelAirtel
Airtel
 
High availability virtualization with proxmox
High availability virtualization with proxmoxHigh availability virtualization with proxmox
High availability virtualization with proxmox
 
virtualization (Hyper-V)
virtualization (Hyper-V)virtualization (Hyper-V)
virtualization (Hyper-V)
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin Tips
 
Quick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOQuick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIO
 

Similar to Log Analytics by VMware Log Insight

vRealize Operation 7.5 What's new
vRealize Operation 7.5 What's newvRealize Operation 7.5 What's new
vRealize Operation 7.5 What's newKiss Tibor
 
VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...
VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...
VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...VMworld
 
Hortonworks Setup & Configuration on Azure
Hortonworks Setup & Configuration on AzureHortonworks Setup & Configuration on Azure
Hortonworks Setup & Configuration on AzureAnita Luthra
 
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWSAWS Webcast - Implementing Windows and SQL Server for High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWSAmazon Web Services
 
AWS Webcast - Implementing Windows and SQL Server with High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server with High Availability on AWSAWS Webcast - Implementing Windows and SQL Server with High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server with High Availability on AWSAmazon Web Services
 
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS Amazon Web Services
 
Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3Tim Mackey
 
(ATS3-APP13) Tips and Tricks for Monitoring and Managing Symyx Notebook Serve...
(ATS3-APP13) Tips and Tricks for Monitoring and Managing Symyx Notebook Serve...(ATS3-APP13) Tips and Tricks for Monitoring and Managing Symyx Notebook Serve...
(ATS3-APP13) Tips and Tricks for Monitoring and Managing Symyx Notebook Serve...BIOVIA
 
WS-013T00A__M02.pptx
WS-013T00A__M02.pptxWS-013T00A__M02.pptx
WS-013T00A__M02.pptxArun536977
 
Creating a gallery image for Azure marketplace
Creating a gallery image for Azure marketplaceCreating a gallery image for Azure marketplace
Creating a gallery image for Azure marketplaceAlexey Bokov
 
Rht v sphere-security
Rht v sphere-securityRht v sphere-security
Rht v sphere-securitymikeponderosa
 
Windows 2012 R2 Multi Server Management
Windows 2012 R2 Multi Server ManagementWindows 2012 R2 Multi Server Management
Windows 2012 R2 Multi Server ManagementSharkrit JOBBO
 
AWS Webcast - Highly Available SQL Server on AWS
AWS Webcast - Highly Available SQL Server on AWS AWS Webcast - Highly Available SQL Server on AWS
AWS Webcast - Highly Available SQL Server on AWS Amazon Web Services
 

Similar to Log Analytics by VMware Log Insight (20)

Pvs slide
Pvs slidePvs slide
Pvs slide
 
vRealize Operation 7.5 What's new
vRealize Operation 7.5 What's newvRealize Operation 7.5 What's new
vRealize Operation 7.5 What's new
 
Azure sharepointsql
Azure sharepointsqlAzure sharepointsql
Azure sharepointsql
 
vSphere
vSpherevSphere
vSphere
 
VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...
VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...
VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...
 
Introduction to vSphere logs
Introduction to vSphere logsIntroduction to vSphere logs
Introduction to vSphere logs
 
Fiware cloud developers week brussels
Fiware cloud developers week brusselsFiware cloud developers week brussels
Fiware cloud developers week brussels
 
Hortonworks Setup & Configuration on Azure
Hortonworks Setup & Configuration on AzureHortonworks Setup & Configuration on Azure
Hortonworks Setup & Configuration on Azure
 
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWSAWS Webcast - Implementing Windows and SQL Server for High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS
 
AWS Webcast - Implementing Windows and SQL Server with High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server with High Availability on AWSAWS Webcast - Implementing Windows and SQL Server with High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server with High Availability on AWS
 
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS
 
Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3
 
(ATS3-APP13) Tips and Tricks for Monitoring and Managing Symyx Notebook Serve...
(ATS3-APP13) Tips and Tricks for Monitoring and Managing Symyx Notebook Serve...(ATS3-APP13) Tips and Tricks for Monitoring and Managing Symyx Notebook Serve...
(ATS3-APP13) Tips and Tricks for Monitoring and Managing Symyx Notebook Serve...
 
Installation Guide
Installation GuideInstallation Guide
Installation Guide
 
WS-013T00A__M02.pptx
WS-013T00A__M02.pptxWS-013T00A__M02.pptx
WS-013T00A__M02.pptx
 
Creating a gallery image for Azure marketplace
Creating a gallery image for Azure marketplaceCreating a gallery image for Azure marketplace
Creating a gallery image for Azure marketplace
 
Rht v sphere-security
Rht v sphere-securityRht v sphere-security
Rht v sphere-security
 
RHT Design for Security
RHT Design for SecurityRHT Design for Security
RHT Design for Security
 
Windows 2012 R2 Multi Server Management
Windows 2012 R2 Multi Server ManagementWindows 2012 R2 Multi Server Management
Windows 2012 R2 Multi Server Management
 
AWS Webcast - Highly Available SQL Server on AWS
AWS Webcast - Highly Available SQL Server on AWS AWS Webcast - Highly Available SQL Server on AWS
AWS Webcast - Highly Available SQL Server on AWS
 

Recently uploaded

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Recently uploaded (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Log Analytics by VMware Log Insight

  • 1. Log management and analytics by VMware Log Insight Kiss Tibor vExpert 17/Cloud @kisstib0r kisstibor.info
  • 2. Agenda 1 Deploy and configure 2 Integration with other VMware Products 3 Using and Managing vRealize Log Insight 4 Content packs
  • 3. Requirements Analyze • Can analyze any unstructured data, configuration etc… • Automatically identifies structures in the data then uses machine learning to group data Scale • Central, scale out store (no-SQL) for all collceted data • Archiving SDDC • Queries, alerts, fields, charts in the vSphere Content Pack • Ability to search and export Logs entries (even after vCenter has rolled over historical logs) Integration • Root Cause Analysis
  • 4. Deploy and Configure – Sizing https://docs.vmware.com/en/vRealize-Log-Insight/4.5/com.vmware.log-insight.getting-started.doc/GUID-284FC5F4-B832-47A7-912E-D407A760CAE4.html • Single deployment: Typical OVF deploy process, nothing special, except one -> For large installations, you must upgrade the virtual hardware version of the vRealize Log Insight virtual machine. • Cluster deployment: Use medium configuration, or larger, for the master and worker nodes in a vRealize Log Insight cluster. The number of events per second increases linearly with the number of nodes. Two nodes cluster not supported!!! • Each ESXi host sends up to 10 messages per second with an average message size of 170 bytes/message. This is roughly equivalent to 150MB/day/host. • If you want to use the Extra Small version of the appliance on your laptop, but the laptop does not have enough memory, you can reduce the memory size to 2GB. http://www.vmware.com/go/loginsight/calculator
  • 5. Deploy and Configure – Examples and advices from real life 1. Install one medium size configurtaion appliance at first 2. Choose different IP address that you want to use for Cluster (Eg.: 10.10.1.11) 3. Use naming conventions (Eg.: SRV-LogNodeW-01) 4. Master and Worker Node(s) runs on different DS 5. Thick Provision Eager Zeroed for performance 6. DO NOT click Configure vSphere Integration yet!
  • 6. Deploy and Configure – Examples and advices from real life The sum of Syslog Events and API Events. 1. Go Admin page 2. Jump to Administration / Management / Cluster 3. Create VIP (Eg.: 10.10.1.10) a) Easy setup (Integrated Load Balancer) b) You can decide later beside to cluster environment 4. Create „A” DNS record for VIP (Eg.: logs.mydomain.loc) 5. Use VIP FQDN for setups (Eg.: ESXi hosts log settings) Create new Virtual IP
  • 7. Integration with other VMware Products
  • 8. Integration with other VMware Products – vSphere 1. Create new Rule / Permission in vCenter a) You must configure the permission on the top-level folder within the vCenter Server inventory, and verify that the Propagate to children check box is selected 2. Create new dedicated service user for Log Insight 3. Assign rule to dedicated service user (use global permission) 4. Add vCenter server(s) to VMware Log Insight 5. Test connection 6. Save settings Level of Integration Required Privileges Events, tasks, and alarms collection System > View System > View is a system-defined privilege. When you add a custom role and do not assign any privileges to it, the role is created as a Read Only role with three system- defined privileges: System > Anonymous, System > View, and System > Read. Syslog configuration on ESXi hosts Host > Configuration > Change settings Host > Configuration > Network configuration Host > Configuration > Advanced Settings Host > Configuration > Security profile and firewall
  • 9. Integration with other VMware Products – vSphere Check the value of „Syslog.global.logHost” under HOST / Manage / Settings / Advanced System Settings You can see your VIP FQDN address
  • 10. Integration with other VMware Products – vRealize Operation Manager 1. Create service accont in vROPs (U can use local user) 2. Fill VMware Log Insight Adapter instance in vROPs 3. Test and Save configuration 1. In Log Insight go Administration / Integration / vRealize Operation 2. Add host name or IP, User and Password 3. Enable alerts integration 1. Log Insight user alerts can optionally be sent to vRealize Operations Manager 4. Enable launch in context a) Launch in context allows vRealize Operations Manager to open Log Insight and query for selected objects 5. Test and Save settings
  • 11. Integration with other VMware Products – vRealize Operation Manager Now, You can see your logs in vRops
  • 12. Integration with other VMware Products – vRealize Operation Manager • Select one VM in vROPs (MS SQL) and click „Logs” tab • You will see logs from VM • But not only from VM’s level • Now You are able to check state of MS SQL Tr. Log backup job in vROPs Yes! U can do it! DEMO-VM DEMO-VM What?
  • 13. Integration with other VMware Products – vRealize Operation Manager https://kisstibor.info/2017/10/24/vrealize-log-insight-alert-integrate-with-operation-manager/ Veeam Backup Server Veeam Log folder
  • 14. Integration with other VMware Products – vRealize Operation Manager https://kisstibor.info/2017/10/24/vrealize-log-insight-alert-integrate-with-operation-manager/
  • 15. Using and Managing vRealize Log Insight – Who Snapshot, What VM?
  • 16. Using and Managing vRealize Log Insight – Who Snapshot, What VM? Server name and User who created the snapshot
  • 17. Using and Managing vRealize Log Insight – Who Snapshot, What VM?
  • 18. Using and Managing vRealize Log Insight – F5 traffic information How many connections from IP addresses
  • 19. Using and Managing vRealize Log Insight – Machine Learning Intelligent grouping scans incoming unstructured data and quickly groups messages by problem type
  • 20. Using and Managing vRealize Log Insight – Expanding Virtual Machine Resources 2 TB VMDK 1 TB VMDK Add storage • Power off the vRealize Log Insight virtual machine • Add virtual disk • As many disks as needed can be added to the vRealize Log Insight virtual appliance, up to 4 TB (plus the OS drive) of total addressable storage • When the vRealize Log Insight virtual appliance is powered on again, the virtual machine discovers the new virtual disk and automatically adds it to the default data volume 0,5 TB VMDK Data Volume OS VMDK =/= 4TB
  • 21. Using and Managing vRealize Log Insight – Archiving Log Data Data volume DD2500 NFS share Log InsightSources
  • 23. Content Packs – IIS • Agent must be installed on the server • Change One log file per: Server • IIS content pack uses logs in W3C format • Create new IIS specific agent group
  • 24. Content Packs – Cisco UCS https://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-manager/110265-setup-syslog-for-ucs.html SLOT 1 SLOT 5 SLOT 3 SLOT 7 SLOT 2 SLOT 6 SLOT 4 SLOT 8 ! UCS 5108 OK FAIL OK FAIL OK FAIL OK FAIL ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3 ! ResetConsole UCS B200 M3