As part of vRealize Log Insight configuration, you configure syslog and vRealize Log Insight agents.

Client applications can send logs to vRealize Log Insight in one of the following ways:

  • Directly to vRealize Log Insight using the syslog TCP, syslog TCP over TLS/SSL, or syslog UDP protocols

  • By using a vRealize Log Insight Agent

  • By using vRealize Log Insight to directly query the vSphere Web Server APIs

  • By using a vRealize Log Insight user interface

Table 1. Design Decisions about Direct Log Communication to vRealize Log Insight

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-OPS-LOG-018

Configure syslog sources and vRealize Log Insight Agents to send log data directly to the virtual IP (VIP) address of the vRealize Log Insight integrated load balancer (ILB).

  • Allows for future scale-out without reconfiguring all log sources with a new destination address.

  • Simplifies the configuration of log sources within the SDDC

  • You must configure the Integrated Load Balancer on the vRealize Log Insight cluster.

  • You must configure logging sources to forward data to the vRealize Log Insight VIP.

SDDC-OPS-LOG-019

Deploy and configure the vRealize Log Insight agent for the vRealize Automation Windows servers.

  • Windows does not natively support syslog.

  • vRealize Automation requires the use of agents to collect all vRealize Automation logs.

You must manually install and configure the agents on several nodes.

SDDC-OPS-LOG-020

Configure the vRealize Log Insight agent on the vRealize Automation appliance.

Simplifies configuration of log sources within the SDDC that are pre-packaged with the vRealize Log Insight agent.

You must configure the vRealize Log Insight agent to forward logs to the vRealize Log Insight VIP.

SDDC-OPS-LOG-021

Configure the vRealize Log Insight agent for the vRealize Business appliances including:

  • Server appliance

  • Data collectors

Simplifies configuration of log sources within the SDDC that are pre-packaged with the vRealize Log Insight agent.

You must configure the vRealize Log Insight agent to forward logs to the vRealize Log Insight VIP.

SDDC-OPS-LOG-022

Configure the vRealize Log Insight agent for the vRealize Operation Manager appliances including:

  • Analytics nodes

  • Remote collectors

Simplifies configuration of log sources within the SDDC that are pre-packaged with the vRealize Log Insight agent.

You must configure the vRealize Log Insight agent to forward logs to the vRealize Log Insight VIP.

SDDC-OPS-LOG-023

Configure the NSX for vSphere components as direct syslog sources for vRealize Log Insight including:

  • NSX Manager

  • NSX Controllers

  • NSX Edge services gateways

Simplifies configuration of log sources within the SDDC that are syslog-capable.

  • You must manually configure syslog sources to forward logs to the vRealize Log Insight VIP.

  • Not all operating system-level events are forwarded to vRealize Log Insight.

SDDC-OPS-LOG-024

Configure vCenter Server Appliance instances and Platform Services Controller appliances as direct syslog sources to send log data directly to vRealize Log Insight.

Simplifies configuration for log sources that are syslog-capable.

  • You must manually configure syslog sources to forward logs to the vRealize Log Insight VIP.

  • Certain dashboards in vRealize Log Insight require the use of the vRealize Log Insight Agent for proper ingestion.

  • Not all operating system level events are forwarded to vRealize Log Insight.

SDDC-OPS-LOG-025

Configure vRealize Log Insight to ingest events, tasks, and alarms from the Management vCenter Server and Compute vCenter Server instances .

Ensures that all tasks, events and alarms generated across all vCenter Server instances in a specific region of the SDDC are captured and analyzed for the administrator.

  • You must create a service account on vCenter Server to connect vRealize Log Insight for events, tasks, and alarms pulling.

  • Configuring vSphere Integration within vRealize Log Insight does not capture events that occur on the Platform Services Controller.

SDDC-OPS-LOG-026

Communicate with the syslog clients, such as ESXi, vCenter Server, NSX for vSphere, using the default syslog UDP protocol.

  • Using the default UDP syslog protocol simplifies configuration for all syslog sources

  • UDP syslog protocol is the most common logging protocol that is available across products.

  • UDP has a lower performance overhead compared to TCP.

  • If the network connection is interrupted, the syslog traffic is lost.

  • UDP syslog traffic is not secure.

  • UDP syslog protocol does not support reliability and retry mechanisms.

SDDC-OPS-LOG-027

Include the syslog configuration for vRealize Log Insight in the host profile for the following clusters:

  • Management

  • Shared edge and compute

  • Any additional compute

Simplifies the configuration of the hosts in the cluster and ensures that settings are uniform across the cluster

Every time y ou make an authorized change to a host regarding the syslog configuration you must update the host profile to reflect the change or the status will show non-compliant.

SDDC-OPS-LOG-028

Do not configure vRealize Log Insight to automatically update all deployed agents.

Manually install updated versions of the Log Insight Agents for each of the specified components within the SDDC for precise maintenance.

You must maintain manually the vRealize Log Insight agents on each of the SDDC components.