Use of the vRealize Log Insight instance that is deployed by SDDC Manager is licensed separately. vRealize Log Insight delivers real-time log management for VMware environments, providing visibility of logs and easier troubleshooting across the physical and virtual infrastructure in your Cloud Foundation installation.
About this task
During the bring-up process of your installation, SDDC Manager deploys and configures the vRealize Log Insight virtual appliance. When you have the license to use that deployed vRealize Log Insight instance, you use the vRealize Log Insight Web interface to perform the tasks related to the collected log and events data, such as troubleshooting and trend analysis and reporting tasks.
The vRealize Log Insight environment that SDDC Manager deploys is sized for monitoring the hardware and software of your Cloud Foundation installation only. The default sizing accommodates the events and logs expected to be sent by the Cloud Foundation environment. This sizing might not accommodate the numbers of events and logs coming from additional applications or VMs that reside outside of your Cloud Foundation environment. Therefore, configuring the vRealize Log Insight environment that is deployed by SDDC Manager to collect events logs from additional applications or VMs that reside outside of your Cloud Foundation environment is not supported in this release.
Also as part of the bring-up process, content packs are installed and configured in the vRealize Log Insight instance. In vRealize Log Insight, a content pack provides dashboards, extracted fields, predefined queries, and alerts that are related to the content pack's specific product or set of logs. When you launch the vRealize Log Insight Web interface, the installed content packs are ready for use. For an overview of these content packs, see Using vRealize Log Insight Capabilities in Your Cloud Foundation Environment. For detailed information on how to use the dashboards, predefined queries, and collected log data in vRealize Log Insight, see the vRealize Log Insight product documentation at https://www.vmware.com/support/pubs/log-insight-pubs.html.
From the SDDC Manager client, you can open the vRealize Log Insight Web interface using the following methods. During a logged-in session of the SDDC Manager client, you must authenticate to vRealize Log Insight the first time you open the vRealize Log Insight Web interface. Subsequent launches do not require re-authentication until the cache for the logged-in session expires or you log out of the vRealize Log Insight Web interface. The launch of the Web interface is context-aware. For example, if you launch using the Analysis button from the Audit Events page, the vRealize Log Insight display is filtered to show the audit events only. You can navigate within the Web interface to view other information collected from your environment.
If this is the first time after the initial bring-up process that the vRealize Log Insight Web interface is launched, type the system-assigned credentials into the login screen and then click Login. Then use the vRealize Log Insight Web interface to assign permissions to your superuser account and other user accounts. You can look up the system-assigned credentials for the vRealize Log Insight Web interface by logging in to the SDDC Manager VM and running the vrm-cli.sh lookup-password in the VM's /home/vrack/bin directory. See Credentials for Logging In To the SDDC Manager (vrm) Virtual Machine and Look Up Account Credentials Using the Lookup-Password Command.
Do not change the password of the admin account from within the vRealize Log Insight Web interface, or unpredictable results can occur. To change the admin account's password without rotating all account passwords, log in to the SDDC Manager VM and use the
vrm-cli.sh rotate-password-li-api command.
- Open the vRealize Log Insight Web interface.
From the Audit Events page, click the Analysis button.
The vRealize Log Insight display is filtered to show the collected audit events only.
From the Events page, click the Analysis button.
The vRealize Log Insight displays all collected events.
From a management domain's details, click the launch link listed in the Management Info area.
The vRealize Log Insight displays all collected events.
- If the vRealize Log Insight login screen appears, log in with the appropriate credentials.
If this is the first time logging in to vRealize Log Insight after the initial bring-up process, use the username admin and the randomized password that was set when the passwords were rotated at the end of the bring-up process.
If you are using an account that was set up for you in vRealize Log Insight, use those credentials to log in.
When you are logging in to the vRealize Log Insight Web interface with the admin account after doing a password rotation, you must use the randomized password that is set for that account by the rotation procedure. For details about password rotation, see On-Demand Password Rotation in Your Cloud Foundation Installation.
The vRealize Log Insight Web interface appears with the display filtered to show the events that meet the criteria for the launch context from SDDC Manager.
What to do next
Examine the descriptions of the content packs that are available by selecting Content Packs in the upper right corner menu.
Examine the data available in the content packs. To display the dashboards for an installed content pack, click Dashboards and use the drop-down menu at the upper left to select the content pack.
Enable login accounts for additional users. See the Managing User Accounts in vRealize Log Insight topic and its subtopics in the vRealize Log Insight product documentation available at the following locations:
From the Help menu choice in the vRealize Log Insight Web interface.
In the vRealize Log Insight product documentation online at http://pubs.vmware.com/log-insight-33/index.jsp.
For detailed information about how to use the content packs and other capabilities of the vRealize Log Insight Web interface, see the vRealize Log Insight product documentation also available at those two locations.