As a part of vRealize Log Insight configuration, you configure syslog and vRealize Log Insight agents.

Client applications can send logs to vRealize Log Insight in one of the following ways:

  • Directly to vRealize Log Insight using the syslog TCP, syslog TCP over TLS/SSL, or syslog UDP protocols

  • By using a vRealize Log Insight Agent

  • By using vRealize Log Insight to directly query the vSphere Web Server APIs

  • By using a vRealize Log Insight user interface

Table 1. Design Decisions on Log Communication to vRealize Log Insight

Decision ID

Design Decision

Design Justification

Design Implication

ROBO-OPS-LOG-014

Configure syslog sources and vRealize Log Insight Agents to send log data directly to the virtual IP (VIP) address of the vRealize Log Insight integrated load balancer (ILB).

  • Supports future scale-out without reconfiguring all log sources with a new destination address.

  • Simplifies the configuration of log sources in the SDDC

  • You must configure the integrated load balancer on the vRealize Log Insight cluster.

  • You must configure logging sources to forward data to the vRealize Log Insight VIP.

ROBO-OPS-LOG-015

Communicate with the vRealize Log Insight Agents using the default Ingestion API (cfapi), default disk buffer of 200 MB and non-default No SSL.

  • Supports multi-line message transmissions from logs.

  • Provides ability to add metadata to events generated from system.

  • Provides client-side compression, buffering, and throttling capabilities ensuring minimal to no message loss during intermittent connection issues

  • Provides server-side administration, metric collection, configurations management of each deployed agent.

  • Supports disaster recovery of components in the SDDC.

  • Transmission traffic is not secure.

  • Agent presence increases the overall resources used on the system.

ROBO-OPS-LOG-016

Deploy and configure the vRealize Log Insight agent for the Windows servers of the vRealize Automation Proxy Agents.

  • Windows Server does not natively support syslog.

  • vRealize Automation requires the use of agents to collect all vRealize Automation logs.

You must manually install and configure the agents on several nodes.

ROBO-OPS-LOG-017

Configure the vRealize Log Insight agent for the data collector appliance of vRealize Business in the ROBO site.

Simplifies configuration of log sources in the SDDC that are pre-packaged with the vRealize Log Insight agent.

You must configure the vRealize Log Insight agent to forward logs to the vRealize Log Insight VIP.

ROBO-OPS-LOG-018

Configure the vRealize Log Insight agent for the remote collector appliances of vRealize Operations Manager in the ROBO site.

Simplifies configuration of log sources in the SDDC that are pre-packaged with the vRealize Log Insight agent.

You must configure the vRealize Log Insight agent to forward logs to the vRealize Log Insight VIP.

ROBO-OPS-LOG-019

Configure the NSX for vSphere components as direct syslog sources for vRealize Log Insight including:

  • NSX Manager

  • NSX Controllers

  • NSX Edge services gateways

Simplifies configuration of log sources in the SDDC that are syslog-capable.

  • You must manually configure syslog sources to forward logs to the vRealize Log Insight VIP.

  • Not all operating system-level events are forwarded to vRealize Log Insight.

ROBO-OPS-LOG-020

Configure the vCenter Server Appliance as a syslog source to send log data directly to vRealize Log Insight in the ROBO site.

Simplifies configuration for log sources that are syslog-capable.

  • You must manually configure syslog sources to forward logs to the vRealize Log Insight VIP.

  • Certain dashboards in vRealize Log Insight require the use of the vRealize Log Insight agent for proper ingestion.

  • Not all operating system level events are forwarded to vRealize Log Insight.

ROBO-OPS-LOG-021

Configure the ROBO vRealize Log Insight to ingest events, tasks, and alarms from the ROBO vCenter Server instance.

Ensures that all tasks, events, and alarms generated by the ROBO vCenter Server instance is captured for analysis by the administrator.

  • You must create a service account on vCenter Server to connect vRealize Log Insight for events, tasks, and alarms pulling.

  • Configuring vSphere Integration within vRealize Log Insight does not capture events that occur on the Platform Services Controller.

ROBO-OPS-LOG-022

Communicate with the syslog clients, such as ESXi, vCenter Server, NSX for vSphere, using the default syslog UDP protocol.

  • Using the default UDP syslog protocol simplifies configuration for all syslog sources

  • UDP syslog protocol is the most common logging protocol that is available across products.

  • UDP has a lower performance overhead compared to TCP.

  • If the network connection is interrupted, the syslog traffic is lost.

  • UDP syslog traffic is not secure.

  • UDP syslog protocol does not support reliability and retry mechanisms.

ROBO-OPS-LOG-023

Include the syslog configuration for vRealize Log Insight in the host profile for the consolidated cluster.

Simplifies the configuration of the hosts in the cluster and ensures that settings are uniform across the cluster

Every time you make an authorized change to a host regarding the syslog configuration you must update the host profile to reflect the change or the status shows non-compliant.

ROBO-OPS-LOG-024

Do not configure vRealize Log Insight to automatically update all deployed agents.

Manually install updated versions of the Log Insight Agents for each of the specified components in the SDDC for precise maintenance.

You must maintain manually the vRealize Log Insight Agents on each of the SDDC components.