The vRealize Log Insight instance that is deployed by SDDC Manager is licensed separately. When the vRealize Log Insight instance is licensed for use in your Cloud Foundation environment, you can use the capabilities of vRealize Log Insight to work with the event and log data that is collected from the various hardware devices and SDDC virtual infrastructure.

vRealize Log Insight is a log aggregator that provides simplified log viewing and analysis. Events and log content for the environment's physical resources and the virtual infrastructure are collected by the vRealize Log Insight instance, which indexes them and then provides unified querying and analysis of the content for problem diagnosis and repair. As a result, logging in to the vRealize Log Insight Web interface provides a unified view of event and log information to assist with troubleshooting. Data from the events and audit events raised by SDDC Manager is also sent to the vRealize Log Insight instance, and you can use its searching, query, and reporting features to create trend reports and auditing reports from the event history.

You can configure the vRealize Log Insight instance for remote syslog forwarding to an instance of vRealize Log Insight that is external to the Cloud Foundation installation or to another syslog server. You configure vRealize Log Insight to forward incoming events to a syslog target using the Event Forwarding page of the vRealize Log Insight Web interface. For the steps on configuring event forwarding in the vRealize Log Insight Web interface, see Add vRealize Log Insight Event Forwarding Destination in the vRealize Log Insight 3.3 documentation center at http://pubs.vmware.com/log-insight-33/index.jsp.

For the steps to log in to the vRealize Log Insight Web interface from the SDDC Manager client, see Get Started Using the vRealize Log Insight Instance.

Note:

The vRealize Log Insight environment that SDDC Manager deploys is sized for monitoring the hardware and software of your Cloud Foundation installation only. The default sizing accommodates the events and logs expected to be sent by the Cloud Foundation environment. This sizing might not accommodate the numbers of events and logs coming from additional applications or VMs that reside outside of your Cloud Foundation environment. Therefore, configuring the vRealize Log Insight environment that is deployed by SDDC Manager to collect events logs from additional applications or VMs that reside outside of your Cloud Foundation environment is not supported in this release.

Content Packs

The vRealize Log Insight instance includes a set of content packs. Content packs are read-only plug-ins to vRealize Log Insight that provide pre-defined knowledge about specific types of events such as log messages. The purpose of a content pack is to provide knowledge about a specific set of events in a format that is easily understandable by administrators, monitoring teams, and executives. A content pack consists of information that can be saved from either the Dashboards or Interactive Analytics pages in the vRealize Log Insight Web interface. Such information typically includes:

  • Queries

  • Fields

  • Aggregations

  • Alerts

  • Dashboards

The vRealize Log Insight instance includes a number of VMware content packs, including the Cloud Foundation content pack. For a detailed description of the Cloud Foundation content pack, see SDDC Manager Content Pack. For descriptions of the other installed content packs, use the Content Packs choice from the upper right drop-down menu in the vRealize Log Insight Web interface and select the content pack's name in the list.

Content Pack

Overview

Cloud Foundation

This content pack includes an overview dashboard that gives overall summary views of the data sent by the Cloud Foundation, and also provides detailed views for the various levels of interest, such as rack-level, server-level, switch-level, device-level, and so on.

General

This content pack includes four dashboards, providing generic information about any events being sent to the vRealize Log Insight instance, configured vRealize Log Insight agents, and information discovered by the machine learning capabilities

vSphere

This content pack provides various dashboards and filters to give you insight into the data that is sent by the management and workload domains' vCenter Server instances.

NSX for vSphere

This content pack provides various dashboards and filters to give you insight into the data that is sent by the NSX for vSphere virtual infrastructure in the management and workload domains' vCenter Server instances.

Horizon View

This content pack provides various dashboards and filters to give you insight into the data that is sent by the VDI workload domain's virtual infrastructure. Log information from the VDI workload domain's servers is collected and consolidated.

Virtual SAN

This content pack provides various dashboards and filters to give you insight into the logs that are sent by the management and workload domains' Virtual SAN features.

To see the dashboards for one of the content packs in the vRealize Log Insight Web interface, select Dashboards and then select the specific content pack in the left hand drop-down menu.

SDDC Manager Content Pack

The SDDC Manager content pack provides graphical summary views for various SDDC Manager events that are sent to vRealize Log Insight. The content pack organizes the views into multiple tabs that display collected information about various aspects of the installation. The top Overview tab includes high-level overview of all events such as count of events by severity, count of events by rack, critical events by server and by switch, server and network events by rack, timeline view of events, audit event summary and so on. The content pack's other tabs provide detailed information about events at the various hardware levels of the installation, such at the rack-level, server-level, switch-level, component-level, and so on. As a result, this set of tabs gives you the ability to get an overall cross-system view using the Overview tab, and then drill-down into the hardware level you are interested in by using the other tabs.

The Audits - Summary tab provides views of the collected audit event data by severity, by system audit event and user audit event, and a timeline view of audit events.