vRealize Log Insight collects NSX logs dynamically when an NSX alert occurs. However, vRealize Network Insight Cloud collects data from NSX every 10 minutes. So, adding vRealize Log Insight in vRealize Network Insight Cloud enables you to get alert information faster, rather than waiting for it.

In the vRealize Network Insight Cloud and vRealize Log Insight integration, the alerts generated by vRealize Log Insight are consumed by vRealize Network Insight Cloud. Whenever a security group is created or modified, the logs of NSX are sent to vRealize Log Insight which in turn sends an alert. After receiving the alert, vRealize Network Insight Cloud polls NSX Manager on which the security group was created and fetches the corresponding data for the changed security groups. Currently, this integration supports only the security group CRUD-related alerts.

Note: vRealize Network Insight Cloud 6.3 is the last release that supports addition of vRealize Log Insight as a Data Source. Integration of vRealize Network Insight Cloud and vRealize Log Insight was introduced in 3.8 release for alert generation. Now, vRealize Network Insight Cloud directly works with NSX-T notification mechanisms to provide alerts and change information.

Prerequisites

You must be an API user with permissions to install, configure, and manage the content pack.

Procedure

  1. Create or reuse a vRealize Log Insight user with access to the APIs of vRealize Log Insight.
  2. On the Install and Support page, click Accounts and Data Sources.
  3. Click Add Source.
  4. Click Log Insight under Log Servers.
  5. On the Add a New Log Insight Server Account or Source page, click Instructions next to the page title. A pop-up window appears that provides the prerequisites for adding the vRealize Log Insight data source and the instructions to enable the Webhook URL on vRealize Log Insight.
    Note: The Webhook URL, which is generated after the addition of the data source, is used in vRealize Log Insight.
  6. Enter the required details.
    Name Description
    Collector VM Select the IP address of the data collector that you have deployed for the data collection process.
    IP Address / FQDN Enter the IP address or the FQDN of the data source.
    User Name Enter the user name you want to use for a particular data source.
    Password Enter the password for the data source.
    Authentication Provider Select the respective authentication provider for the credentials that you have provided.
  7. After the data source has been created, a pop-up window appears that will provide the Webhook URL and the steps that have to be performed to enable this URL on vRealize Log Insight. Copy the Webhook URL. Log in with the credentials that were used for adding this data source. Enable alerts in the vRealize Log Insight application and configure this Webhook URL. Send Test Alert to ensure that the integration is successful.
    Note: Any alert displayed on the vRealize Log Insight data source in vRealize Network Insight Cloud is resolved in an hour.