Use the built-in problem and alert signatures in vRealize Log Insight for ESXi host and vCenter Server to enable alerts about issues in these components and map these alerts to the vRealize Operations Manager inventory. For each alert, you create one instance for the management data center and one instance for the shared edge and compute data center in each region.

About this task

For basic monitoring the vSphere components, use the following alerts:

Table 1. vSphere Alerts in vRealize Log Insight

Alert Name

Purpose

Severity

*** CRITICAL *** Hardware: Physical event detected

The purpose of this widget is to notify when the following physical hardware events have been detected, which indicates a hardware problem. Under most normal conditions, this widget should return no results. The following types of hardware events are returned

  • Advanced Programmable Interrupt Controller (APIC)

  • Machine Check Exception (MCE)

  • Non-Maskable Interrupt (NMI)

Critical

Hardware: Faulty memory detected

During the previous boot of an ESXi host faulty memory was detected. Unless a corresponding corrected message is seen, the memory should be replaced. 

Critical

*** CRITICAL *** ESXi: Core dump detected

A core dump has been detected, which indicates the failure of a component in ESXi. This issue may lead to VM crashes and/or host PSODs.

Critical

*** CRITICAL *** ESXi: Stopped logging

The purpose of this alert is to notify when an ESXi host has stopped sending syslog to a remote server.

Critical

*** CRITICAL *** ESXi: RAM disk / inode table is full

A root file system has reached its resource pool limit. Various administrative actions depend on the ability to write files to various parts of the root file system and might fail if the RAM disk and/or inode table is full.

Critical

ESXi: HA isolated events by hostname

During a health check, HA determined that a host was isolated. Depending on how HA is configured this may mean that VMs have been failed over from the isolated host.

Critical

vCenter Server: HA connection failure detected

A HA cluster has detected one or more unresponsive ESXi hosts. If the host(s) are marked as dead then VMs running on those hosts will be migrated to other systems.

Critical

Procedure

  1. Open the vRealize Log Insight user interface.
    1. Open a Web browser and go to the following URL.

      Region

      vRealize Log Insight URL

      Region A

      https://sfo01vrli01.sfo01.rainpole.local

      Region B

      https://lax01vrli01.lax01.rainpole.local

    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      vrli_admin_password

  2. In the vRealize Log Insight user interface, click Interactive Analytics.
  3. Click the icon and select Manage Alerts.
  4. Select an alert that is related to vSphere resources.
    1. In the search box of the Alerts dialog box, enter the following alert name as a search phrase.

      *** CRITICAL *** ESXi: Core dump detected
    2. Select the alert from the search result and click the Edit icon next to the alert name.
  5. Create an instance of the alert for each data center in the region.
    1. In the New Alert dialog box, click Run Query.

      A query editor page opens.

    2. Click Add Filter and use the drop-down menus to define the following filter.
      Table 2. Filters for vRealize Log Insight in Region A

      Filter

      Value for Management vSphere Alerts in Region A

      Value for Compute vSphere Alerts in Region A

      Object type

      vmw_datacenter

      vmw_datacenter

      Operation

      contains

      contains

      Object

      sfo01-m01dc

      sfo01-w01dc

      Table 3. Filters for vRealize Log Insight in Region B

      Filter

      Value for Management vSphere Alerts in Region B

      Value for Compute vSphere Alerts in Region B

      Object type

      vmw_datacenter

      vmw_datacenter

      Operation

      contains

      contains

      Object

      lax01-m01dc

      lax01-w01dc

    3. Click on the Search icon.
    4. Click the icon and select Create Alert from Query.
    5. In the New Alert dialog box, configure the following alert settings and click Save.
      Table 4. Alerts for vRealize Log Insight in Region A

      Setting

      Value for Management vSphere Alerts in Region A

      Value for Compute vSphere Alerts in Region A

      Name

      *** CRITICAL *** ESXi: Core dump detected (sfo01-m01dc)

      *** CRITICAL *** ESXi: Core dump detected (sfo01-w01dc)

      Description (Recommendation)

      vsphere_alert_purpose

      See vSphere Alerts in vRealize Log Insight.

      vsphere_alert_purpose

      See vSphere Alerts in vRealize Log Insight.

      Email

      Email address to send alerts to

      Email address to send alerts to

      Send to vRealize Operations Manager

      Selected

      Selected

      Fallback Object (All Objects)

      sfo01-m01dc

      sfo01-w01dc

      Criticality

      critical

      critical

      Raise an alert

      On any match

      On any match

      Table 5. Alerts for vRealize Log Insight in Region B

      Setting

      Value for Management vSphere Alerts in Region B

      Value for Compute vSphere Alerts in Region B

      Name

      *** CRITICAL *** ESXi: Core dump detected (lax01-m01dc)

      *** CRITICAL *** ESXi: Core dump detected (lax01-w01dc)

      Description (Recommendation)

      vsphere_alert_purpose

      See vSphere Alerts in vRealize Log Insight.

      vsphere_alert_purpose

      See vSphere Alerts in vRealize Log Insight.

      Email

      Email address to send alerts to

      Email address to send alerts to

      Send to vRealize Operations Manager

      Selected

      Selected

      Fallback Object (All Objects)

      lax01-m01dc

      lax01-w01dc

      Criticality

      critical

      critical

      Raise an alert

      On any match

      On any match

    6. Repeat the steps to create the alert instance for the other data center in the region.
  6. Repeat Step 3 to Step 5 for the rest of the alerts, configuring two instances of each alert in the region.
  7. Repeat the procedure in vRealize Log Insight to create the alerts for both data centers in the other region.