vRealize Log Insight collects NSX logs dynamically when an NSX event occurs. However, vRealize Network Insight collects data from NSX every 10 minutes. So, adding vRealize Log Insight in vRealize Network Insight enables you to get event information faster, rather than waiting for it.

In the vRealize Network Insight and vRealize Log Insight integration, the alerts generated by vRealize Log Insight are consumed by vRealize Network Insight. Whenever a security group is created or modified, the logs of NSX are sent to vRealize Log Insight which in turn sends an alert. After receiving the alert, vRealize Network Insight polls NSX Manager on which the security group was created and fetches the corresponding data for the changed security groups. Currently, this integration supports only the security group CRUD-related alerts.

Note: vRealize Network Insight 5.0 and later directly works with NSX-T notification mechanisms to provide events and change information. So vRealize Network Insight integration with vRealize Log Insight 8.0 and later is not required, and so you can ignore this procedure. You can continue to use vRealize Log Insight for monitoring NSX-T logs and other SDDC components directly. If you are using vRealize Log Insight 4.8 or earlier, only then you must add vRealize Log Insight as a datasource in vRealize Network Insight.

Prerequisites

You must be an API user with permissions to install, configure, and manage the content pack.

Procedure

  1. Create or reuse a vRealize Log Insight user with access to the APIs of vRealize Log Insight.
  2. On the Install and Support page, click Accounts and Data Sources.
  3. Click Add Source.
  4. Click Log Insight under Log Servers.
  5. On the Add a New Log Insight Server Account or Source page, click Instructions next to the page title. A pop-up window appears that provides the prerequisites for adding the vRealize Log Insight data source and the instructions to enable the Webhook URL on vRealize Log Insight.
    Note: The Webhook URL, which is generated after the addition of the data source, is used in vRealize Log Insight.
  6. Enter the required details.
    Name Description
    Collector VM Select the IP address of the data collector that you have deployed for the data collection process.
    IP Address / FQDN Enter the IP address or the FQDN of the data source.
    User Name Enter the user name you want to use for a particular data source.
    Password Enter the password for the data source.
    Authentication Provider Select the respective authentication provider for the credentials that you have provided.
  7. After the data source has been created, a pop-up window appears that will provide the Webhook URL and the steps that have to be performed to enable this URL on vRealize Log Insight. Copy the Webhook URL. Log in with the credentials that were used for adding this data source. Enable alerts in the vRealize Log Insight application and configure this Webhook URL. Send Test Alert to ensure that the integration is successful.
    Note: Any alert displayed on the vRealize Log Insight data source in vRealize Network Insight is resolved in an hour.