As part of vRealize Log Insight configuration, you configure syslog and vRealize Log Insight agents.

Client applications can send logs to vRealize Log Insight in one of the following ways:

  • Directly to vRealize Log Insight over the syslog protocol

  • By using vRealize Log Insight to directly query the vSphere Web Server APIs

  • By using a vRealize Log Insight Agent

Table 1. Direct Log Communication to vRealize Log Insight Design Decisions

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-OPS-LOG-014

Configure syslog sources to send log data directly to vRealize Log Insight.

Simplifies the design implementation for log sources that are syslog capable.

You must configure syslog sources to forward logs to the vRealize Log Insight VIP.

SDDC-OPS-LOG-016

Configure vCenter Server Appliances and Platform Services Controller Appliances as syslog sources to send log data directly to vRealize Log Insight.

Simplifies the design implementation for log sources that are syslog capable.

  • You must manually configure syslog sources to forward logs to the vRealize Log Insight VIP.

  • Certain dashboards within vRealize Log Insight require the use of the vRealize Log Insight Agent for proper ingestion.

  • Not all Operating System-level events are forwarded to vRealize Log Insight.

SDDC-OPS-LOG-017

Configure vRealize Log Insight to ingest events, tasks, and alarms from the Management and Compute vCenter Server instances .

Ensures that all tasks, events and alarms generated across all vCenter Server instances in a specific region of the SDDC are captured and analyzed for the administrator.

You must create a service account on vCenter Server to connect vRealize Log Insight for events, tasks, and alarms pulling.

This does not capture Events that occur on the Platform Services Controller.

SDDC-OPS-LOG-018

Do not configure vRealize Log Insight to automatically update all Agents deployed.

Manually update the Log Insight Agents on each of the specified components within the SDDC .

You must maintain manually the vRealize Log Insight agents on each of the SDDC components.