Time synchronization is critical for the core functionality of vRealize Log Insight. By default, vRealize Log Insight synchronizes time with a predefined list of public NTP servers.

NTP Configuration

Configure consistent NTP sources on all systems that send log data (vCenter Server, ESXi, vRealize Operation Manager). See Time Synchronization in the Planning and Preparation document.

Table 1. Time Synchronization Design Decision

Decision ID

Design Decision

Design Justification

Design Implication

ROBO-OPS-LOG-017

Configure consistent NTP sources on all virtual infrastructure and cloud management applications for correct log analysis in vRealize Log Insight.

Guarantees accurate log timestamps.

Requires that all applications synchronize time to the same NTP time source.

ROBO-OPS-LOG-018

Configure NTP source(s) that are located within the ROBO

  • Co-location of NTP source(s) to the vRealize Log Insight cluster guarantees time accuracy across the nodes in the event of a WAN outage.

  • Co-location of NTP source(s) to the vRealize Log Insight cluster ensures time sync between all nodes is as accurate as possible.

You must have NTP source(s) located in your ROBO site.

Cluster Communication

All vRealize Log Insight cluster nodes must be in the same LAN with no firewall or NAT between the nodes.

External Communication

vRealize Log Insight receives log data over the syslog TCP, syslog TLS/SSL, or syslog UDP protocols. Use the default syslog UDP protocol because security is already designed at the level of the management network.

Table 2. Syslog Protocol Design Decision

Decision ID

Design Decision

Design Justification

Design Implication

ROBO-OPS-LOG-019

Communicate with the syslog clients, such as ESXi, vCenter Server, NSX for vSphere, on the default UDP syslog port.

Using the default syslog port simplifies configuration for all syslog sources.

  • If the network connection is interrupted, the syslog traffic is lost.

  • UDP syslog traffic is not secure.