As part of vRealize Log Insight configuration in the Consolidated SDDC, you configure syslog and vRealize Log Insight agents.

Client applications can interact with and send logs to vRealize Log Insight in one of the following ways:

  • Directly to vRealize Log Insight using the syslog TCP, syslog TCP over TLS/SSL, or syslog UDP protocols

  • By using a vRealize Log Insight Agent

  • By using vRealize Log Insight to directly query the vSphere Web Server APIs

  • By using vRealize Log Insight user interface.

Table 1. Design Decisions about Direct Log Communication to vRealize Log Insight

Decision ID

Design Decision

Design Justification

Design Implication

CSDDC-OPS-LOG-016

Configure syslog sources and vRealize Log Insight Agents to send log data directly to the virtual IP (VIP) address of the vRealize Log Insight integrated load balancer (ILB).

  • Allows for future scale-out without reconfiguring all log sources with a new destination address.

  • Simplifies the configuration of log sources within the SDDC.

  • You must configure the Integrated Load Balancer on the vRealize Log Insight cluster.

  • You must configure logging sources to forward data to the vRealize Log Insight VIP.

CSDDC-OPS-LOG-017

Deploy and configure the vRealize Log Insight agent for the vRealize Automation Windows servers.

  • Microsoft Windows does not natively support syslog.

  • vRealize Automation requires the use of agents to collect all vRealize Automation logs.

You must manually install and configure the agents on several nodes.

CSDDC-OPS-LOG-018

Configure the vRealize Log Insight agent on the vRealize Automation appliance.

Simplifies configuration of log sources within the SDDC that are pre-packaged with the vRealize Log Insight agent.

You must configure the vRealize Log Insight agent to forward logs to the vRealize Log Insight VIP.

CSDDC-OPS-LOG-019

Configure the vRealize Log Insight agent for the vRealize Business appliances including:

  • Server appliance

  • Data collectors

Simplifies configuration of log sources within the SDDC that are pre-packaged with the vRealize Log Insight agent.

You must configure the vRealize Log Insight agent to forward logs to the vRealize Log Insight VIP.

CSDDC-OPS-LOG-020

Configure the vRealize Log Insight agent for the vRealize Operation Manager appliances including:

  • Analytics nodes

  • Remote collectors

Simplifies configuration of log sources within the SDDC that are pre-packaged with the vRealize Log Insight agent.

You must configure the vRealize Log Insight agent to forward logs to the vRealize Log Insight VIP.

CSDDC-OPS-LOG-021

Configure the NSX for vSphere components as direct syslog sources for vRealize Log Insight including:

  • NSX Manager

  • NSX Controllers

  • NSX Edge services gateways

Simplifies configuration of log sources within the SDDC that are syslog-capable.

  • You must manually configure syslog sources to forward logs to the vRealize Log Insight VIP.

  • Not all operating system-level events are forwarded to vRealize Log Insight.

CSDDC-OPS-LOG-022

Configure vCenter Server Appliance instances and Platform Services Controller appliances as direct syslog sources for vRealize Log Insight.

Simplifies configuration of log sources within the SDDC that are syslog-capable.

  • You must manually configure syslog sources to forward logs to the vRealize Log Insight VIP.

  • Certain dashboards within vRealize Log Insight require the use of the vRealize Log Insight Agent deployed on the Platform Services Controller and vCenter Server to populate widgets.

  • Not all operating system-level events are forwarded to vRealize Log Insight.

CSDDC-OPS-LOG-023

Configure vRealize Log Insight to ingest events, tasks, and alarms from the Consolidated vCenter Server instance.

Ensures that all tasks, events and alarms generated across all vCenter Server instances in a specific region of the SDDC are captured and analyzed for the administrator.

  • You must create a service account on vCenter Server to connect vRealize Log Insight for events, tasks, and alarms pulling.

  • The vSphere integration in vRealize Log Insight does not capture events that occur on the Platform Services Controller.

CSDDC-OPS-LOG-024

Communicate with the syslog clients, such as ESXi, vCenter Server, NSX for vSphere, using the default syslog UDP protocol.

  • Using the default UDP syslog protocol simplifies configuration for all syslog sources.

  • UDP syslog protocol is the most common logging protocol that is available across products.

  • UDP has a lower performance overhead compared to TCP.

  • Ensures that growth to the VMware Validated Design two-pod architecture is supported.

  • If the network connection is interrupted, the syslog traffic is lost.

  • UDP syslog traffic is not secure.

  • UDP syslog protocol does not support reliability and retry mechanisms.

CSDDC-OPS-LOG-025

Include the syslog configuration for vRealize Log Insight in the host profile for the consolidated cluster.

Simplifies the configuration of the hosts in the cluster and ensures that settings are uniform across the cluster.

Anytime an authorized change to a host regarding the syslog configuration is made the host profile must be updated to reflect the change or the status will show non-compliant.

CSDDC-OPS-LOG-026

Do not configure vRealize Log Insight agent groups to automatically update all deployed agents.

Manually install updated versions of the Log Insight agents for each of the specified components within the SDDC for precise maintenance.

You must maintain manually the vRealize Log Insight agents on each of the SDDC components.