Updated on: 01 December 2021

VMware vRealize Log Insight Cloud | 01 December 2021


December 2021

  • Log Forwarding System Alerts: You can now configure email notifications to receive the following log forwarding errors:
    • Log Forwarding Disabled Temporarily - Log forwarding is temporarily disabled for the next few minutes. Too many log forwarding failures have been detected for the configured endpoint. 
    • Log Forwarding Disabled - Log forwarding is disabled for the configured endpoint due to the inability to establish a connection.
  • Log Collection File Upload: You can now use the simplified log file upload option to upload log files from your local system to vRealize Log Insight Cloud. You can upload up to 10 files of 10 MB each at any given time. The supported file formats for log upload are .log and .txt. This feature lets you quickly visualize Explore Logs, dashboards, alerts, and other capabilities with ease.
  • AWS Lambda and HashiCorp Vault Integration: vRealize Log Insight Cloud uses a Lambda function, VMware-Log-Insight-Cloud, to push logs from AWS CloudWatch, CloudTrail, and many other services to vRealize Log Insight Cloud. If you want to avoid storing vRealize Log Insight Cloud credentials in AWS Lambda functions, you can now configure the function to read a secret from HashiCorp Vault.
  • SSL Support for Cloud Proxy: A Cloud Proxy receives log and event information from monitored sources and sends this information to vRealize Log Insight Cloud where it can be queried and analyzed. You can now configure your log sources to forward logs over SSL to the Cloud Proxy.
  • New Region - Asia Pacific (Japan): vRealize Log Insight Cloud is now available in the AWS Asia Pacific (Tokyo) region, in addition to the US (Oregon), Asia-Pacific (Singapore), Asia-Pacific (Sydney), Europe (Frankfurt), Europe (London), South America (Sao Paulo) and Canada (Toronto) regions.

November 2021

  • Audit Events for VMware Cloud Services Content Pack: This content pack is enhanced to include the Governance aspect of CSP. The following new charts are included with version 2.0 of the content pack:
    • Access Request Raised by Org Members
    • Access Request Raised by Non Org Members
    • Entitlement Request for Org Member Cancelled
    • Entitlement Request for Non Org Member Cancelled
    • Entitlement Request Actions
    • Entitlement Request Approval Actions
    • Violation Policies Updated
    • Entity Violations Count Update OAuth App
    • Entity Violations Count Update API Token
    • Advance Features Toggled

October 2021

  • Alerts and Notifications: You can now customize an alert definition to include extracted fields from logs in the alert title and description. When triggered, the alert sends out a notification to the configured endpoints (email and webhook). Additionally, you can add the following data associated with the alert to the notification.
    • Tags
    • All logs or extracted fields (JSON or table format)
    • Key-value data
  • Azure Network Watcher Content Pack: A Network Security Group (NSG) contains security rules that allow or deny inbound network traffic to, or outbound network traffic from several types of Azure resources. This content pack is enhanced to support NSG logs and include dashboards that provide insights around the network activity to and from your NSGs.

September 2021

  • Log Partitions (Beta): Use vRealize Log Insight Cloud's petabyte scale and index-free log offering to meet your enterprise log management needs such as long-term storage and infrequent access. Indexed and index-free partition types let you segregate data into value groups and define variable retention for better data and cost management. Going forward with log partitions, you can take advantage of flexible pricing and usage monitoring. Log ingestion into index-free partitions supports:
    • Queries (Explore Logs)
    • Live Tail
    • Metric Extraction
    • Log Processing (Filter, Mask, and Tag Logs)
    • Log Retention (up to 7 years)
    • Log Forwarding 
  • In-Product Guides: In-product guides provide a step-by-step walkthrough on how to configure different features available in vRealize Log Insight Cloud. These guided tours include:
    • Adding Log Sources
    • vSphere Integration
    • Content Pack Installation
    • Dashboard Creation
    • Webhook Configuration
    • Alert Creation
    • Log Forwarding
    • Log Partitions
  • NSX-T Events for VMware Cloud SDDC Content Pack: This content pack provides powerful insights into the NSX-T firewall rules and packet traffic rules created in VMware Cloud SDDC, along with audit details. These details let administrators audit, monitor, and troubleshoot the behavior of configured rules in their VMware Cloud SDDC environment. NSX-T 5.0 with Layer 7 security reveals the Intrusion Detection and Prevention System and lets users do a real-time analysis of log data for investigation, incident response, and forensics of security threats. The content pack is enhanced to include the following dashboards:
    • Traffic Dashboard
      • Top Signature Hits
      • Top Threats
      • Threats Over Time
      • Threats by Severity
      • Top Sources
      • Top Targets
      • Top Threats Category
    • Overview Dashboard
      • Policy Create/Update Events
      • Policy Delete Events
      • Policy Audit Events

August 2021

  • Regional Log Support for Frankfurt and Sydney (Preview): VMware Cloud on AWS SDDCs can now forward vRealize Log Insight Cloud logs to the Asia-Pacific (Sydney) and Europe (Frankfurt) regions, in addition to the US West (Oregon) region. Once applied, this configuration becomes an organization-level change and all the SDDC logs point to the new region. You can select only one vRealize Log Insight Cloud region for an organization. To enable this feature, open a Service Request or Chat with Support.
  • New Region - London and Sao Paulo: vRealize Log Insight Cloud is now available in the AWS Europe (London) and South America (Sao Paulo) regions, in addition to the US, Asia-Pacific (Singapore), Asia-Pacific (Sydney), Europe (Frankfurt), and Canada regions.
  • Search Text Box for Log Configuration Rules: Under Log Management, you can now search for and filter configuration rules such as log forwarding, log archiving, and log processing.
  • Live Tail General Availability (GA): Live tail is now available as a GA feature. For a detailed overview, see the live tail blog post.
  • Legends in Dashboards: You can now view legends in dashboard widgets such as pie chart and donut. These legends are filterable and let you apply an inclusion or exclusion filter for the associated data.
  • Self-Service Subscription: You can now use the Subscriptions page to view your subscription status for vRealize Log Insight Cloud and purchase or upgrade to a one- or three-year commit model seamlessly.

July 2021

  • New Region - Singapore: vRealize Log Insight Cloud is now available in the AWS Asia-Pacific (Singapore) region, in addition to the US, Asia-Pacific (Sydney), Europe (Frankfurt), and Canada regions. Regional support for VMware Cloud on AWS is currently on the VMware Cloud on AWS roadmap.
  • Enhanced Log Forwarding Filter: Log forwarding from vRealize Log Insight Cloud now supports additional filter options for whether a field exists or not, in addition to existing filter options for whether a field name contains or does not contain specific values. You can specify these filter conditions to select which events are forwarded to an external destination. 
  • SDDC Grouping Activity Logs for VMware Cloud: You can now access all your VMware Cloud SDDC Grouping activity logs in vRealize Log Insight Cloud. These logs correspond to the following activities:
    • Creation of an SDDC Group 
    • Modification of an SDDC Group 
    • Removal of an SDDC Group 
    • Addition of an SDDC Member to a Group 
    • Removal of an SDDC Member from a Group 
    • Addition of a Direct Connect Gateway to a Group 
    • Removal of a Direct Connect Gateway from a Group 
    • Addition of an External AWS Account 
    • Removal of an External AWS Account 
    • Modification of External Attachments

June 2021

For a detailed overview of the June 2021 release updates for vRealize Log Insight Cloud, see https://blogs.vmware.com/management/2021/06/vrealize-log-insight-cloud-june-2021-release.

  • Live Tail (Beta): You can now stream log files and view them in real time as they are ingested into vRealize Log Insight Cloud. You can switch between the Live Tail and Explore Logs pages in the context of search for better troubleshooting. Live tail lets you:
    • Search and browse in context and use saved or favorite queries
    • Use out-of-the-box fields such as source, filepath, and so on
    • Highlight search texts or keywords
    • Pause and resume the live stream 
  • Public Cloud Content Packs: The following content packs are now available for AWS and Azure cloud services with a rich set of out-of-the-box content such as dashboards and queries.
    • AWS - AppConfig, Athena, CloudSearch, CloudTrail, CloudWatch, CodeCommit, Config, DocumentDB, DynamoDB, ElasticBeanstalk, ElasticCache, ElasticSearch, Inspector, RDS, Redshift, Route 53, S3, SNS, and SQS
    • Azure - Active Directory, App Service, Blob Storage, Event Hub, Function App, Kubernetes Service, Network Watcher, Search Service, Service Bus, and SQL

May 2021

  • Knowledge Base (KB) Insights: You can now browse and view the VMware knowledge base such as KB articles and community solutions for log events with errors or exceptions, and take actions to resolve them. KB insights use sophisticated machine learning techniques to help detect and associate log errors or events with suggested solutions from a knowledge base created by experts for similar problems solved in the past. For more information, see https://blogs.vmware.com/management/2021/05/introducing-vrealize-log-insight-cloud-kb-insights.html 
  • What's New: A new user-friendly What’s New pop-up window now provides information about the latest features in vRealize Log Insight Cloud.

February 2021

  • Rsyslog Log Source: You can now configure Rsyslog to collect logs from your host, containers, and services, and forward them to vRealize Log Insight Cloud. You can find the configuration steps within the vRealize Log Insight Cloud user interface.
  • Google Cloud Platform (GCP) Cloud Content Packs: The following content packs are now available with a rich set of out-of-the-box content.
    • App Engine
    • Big Query
    • Cloud Foundation
    • Cloud SQL
    • Cloud Storage
    • Compute Engine
    • Firewall
    • Identity and Access Management (IAM)
    • Kubernetes
    • Load Balancing
    • Virtual Private Cloud (VPC)

January 2021

  • Logstash Log Source: You can now configure Logstash to collect logs from various sources and forward them to vRealize Log Insight Cloud. Logstash is an open source data collection engine with real-time pipelining capabilities. You can find the configuration steps within the vRealize Log Insight Cloud user interface.
  • Alert Definition: The new alert management UI lets you create a granular rule definition of log alerts/events with the ability to set different notifications for different severities. The Alert Definition options let you browse all the log alert definition rules in one place. You can sort them through text filters or by origin, type, and tags. You can select multiple rules and take actions quickly, such as adding or removing tags, adding them to a dashboard, or deleting them. You can also classify alerts as info, warning, immediate, or critical, and change your notification methods as required.
  • Alert Exploration: You can browse your security incidents and log alerts similar to log search with the new Triggered Alerts page. You can filter triggered alerts by severity, type, origin, and tags for quick review and prioritization. The new alert notifications include chart visualizations of triggered alerts over a specified time range.
  • VMware Site Recovery Manager Log Integration: VMware Site Recovery Manager (SRM) is a business continuity and disaster recovery solution that helps you plan, test, and run the recovery of virtual machines between a protected vCenter Server site and a recovery vCenter Server site. SRM log integration and content pack is now available, which collects, imports, and analyzes logs to provide real-time answers to problems related to systems, services, and applications, and derive important insights.

December 2020

  • GCP Log Sources: vRealize Log Insight Cloud provides 11 Google Cloud Platform log sources, including applications such as CloudFunctions, Compute Engine, Firewall, Storage, and VPC. You can find the configuration steps for the log sources within the user interface. Once the logging configuration is complete, you can verify the log flow to the environment in Log Sources, on the Logs tab. The log messages already include the field definitions in the log stream to assist with log filtering and alerting. Administrators can also extract custom field definitions.
  • Fluent Bit Log Source: You can now configure Fluent Bit to collect logs from various sources and forward them to vRealize Log Insight Cloud. Fluent Bit is an open source log processor and forwarder, which lets you collect data such as logs from different sources and enrich them with filters. It is the preferred choice for containerized environments such as Kubernetes. You can find the configuration steps for the Fluent Bit log sources within the vRealize Log Insight Cloud user interface.
  • New Region: EU (Frankfurt): vRealize Log Insight Cloud is now available in the AWS EU (Frankfurt) region.

October 2020

  • Azure Log Sources: vRealize Log Insight Cloud provides 11 Azure Cloud log sources, including applications such as Activity Logs, Blob Storage, Event Hub, Kubernetes Service, Search Service, and SQL. You can find the configuration steps for the log sources within the vRealize Log Insight Cloud user interface. Once the logging configuration is complete, you can verify the log flow to the environment in Log Sources, on the Logs tab. The log messages already include the field definitions in the log stream to assist with log filtering and alerting. Administrators can also extract custom field definitions.
  • New AWS Log Sources: vRealize Log Insight Cloud now provides 41 AWS log sources, including newly added applications such as CodeBuild, Code Deploy, EBS, EventBridge, and Fargate. 

September 2020

  • New Region - APJ (Sydney): vRealize Log Insight Cloud is now available in the AWS APJ (Sydney) region.
  • vRealize Log Insight Cloud from VMware Cloud on AWS Activity Log: You can now access vRealize Log Insight Cloud from the Activity Log through a quick link to view all your logs, including all the events in your Activity Log. 

August 2020

For a detailed overview of the August 2020 release updates for vRealize Log Insight Cloud, see https://blogs.vmware.com/management/2020/09/vmware-vrealize-log-insight-cloud-q3-release-updates.html.

  • AWS Log Sources: vRealize Log Insight Cloud provides 35 AWS log sources, including applications such as CloudTrail, CodeDeploy, and SQS. You can find the configuration steps for the log sources within the user interface. Once the logging configuration is complete, you can verify the log flow to the environment in Log Sources, on the Logs tab. vRealize Log Insight Cloud includes out-of-the-box dashboards for AWS services including DynamoDB, Kinesis, S3, SNS, SQS, and EKS. The log messages already include the field definitions in the log stream to assist with log filtering and alerting. Indexed fields are created based on intelligent grouping algorithms applied to messages that are ingested. Content fields are defined as part of content packs that are enabled. Administrators can also extract custom field definitions.
  • One-Click Field Extraction: vRealize Log Insight Cloud includes a number of extracted fields based on log sources and content packs. The one-click extract field option populates all context values that correspond to the field you select in a log event in a case where you want to assign values to log data that is not already extracted. You can review extracted field regex values that were automatically defined.
  • Home Page Customization: vRealize Log Insight Cloud has a customizable Home page with a drag-and-drop functionality that lets you add widgets to the page. You can also set a dashboard as the landing page, so that the dashboard is the first page you see when you sign in.
  • Dashboard Workbench: vRealize Log Insight Cloud provides the interface for creating dashboards with a drag-and-drop functionality. You can add your most frequently used queries and alerts to your dashboards for quick review. You can also resize widgets and move them around the canvas as desired.
  • Dashboard Filtering with Group Actions: The new dashboard management options let you quickly tag dashboards for specific service roles, sort dashboards through text filters, by content packs, or author. You can filter by your customized lists or by the number of widgets. You can select multiple dashboards and add them to lists, add or remove tags, or delete them. You can manage thousands of dashboards by using filters.
  • Audit Events for VMware Cloud: You can access all your VMware Cloud audit events including Activity Overview, Alarms, Clusters, Datastores, DRS, Hosts, NSX-T Events, Resource Pools, Roles and Permissions, Users, and Virtual Machines. You can quickly access log data from a dashboard query.
  • Log Data Navigation from Dashboards: You can review detailed log queries represented in dashboard widgets.
  • Comprehensive Overview Dashboard: You can review events by type and host name, and review unique instances of event types occurring in your environment.
  • Alert Snoozing: You can quickly disable alerts while troubleshooting a known issue or for scheduled maintenance.
  • Customize Visualizations: You can modify chart types, including new options for Event Streams and Event Trends.