Mware vRealize Log Insight is deployed in the Management pod using a single cluster configuration, which consists of a minimum of three nodes leveraging the Log Insight Integrated Load Balancer (ILB). A single log message is only present in one location within the cluster at a time. The cluster remains up and available to ingest data and serve queries during any temporary unavailability of a single node.

Data is collected using the syslog protocol or an API. All NSX Manager syslog information, distributed firewall logs, and NSX Edge Services Gateway syslog information is sent to vRealize Log Insight. Each vCloud Director cell produces logs that are sent to vRealize Log Insight as well.

Additional vCloud Director troubleshooting and API access logs are stored locally on the vCloud Director cells. These logs can be forwarded by creating an additional logger that can send diagnostics logs to vRealize Log Insight. For more information see Enabling Centralized Logging in VMware vCloud Director.

VMware vRealize Log Insight Content Pack

vRealize Log Insight gathers log events from multiple sources, and through special content packs delivers solution specific dashboards to perform log analytics, by using redefined alerts. For additional information about vRealize Log Insight solutions, see VMware Solution Exchange.

VMware vRealize Log Insight Archiving

Archiving is primarily a long term retention tool. The process copies raw data to an external NFS storage location. Archives are much smaller than indexes, but require indexing if they are loaded back into the vRealize Log Insight system. For additional information about vRealize Log Insight archiving, see the vRealize Log Insight page .