vRealize Log Insight collects and analyzes all types of machine-generated log data, including application logs, network traces, configuration files, messages, performance data and system state dumps.

You can connect vRealize Log Insight to everything in your environment—operating systems, applications, storage, firewalls, network devices or something else—for enterprise-wide visibility using log analytics.

When vRealize Log Insight is configured and ready to collect logs, there are several ways you can ingest log data including:

  • vSphere Integration — vRealize Log Insight can integrate with vSphere to automatically ingest events from a vCenter server and logs from ESXi hosts.

  • vRealize Operations Manager Integration — vRealize Log Insight can integrate with vRealize Operations Manager to enable various alerts to send notification events in vRealize Operations Manager and e-mails to administrators.

  • Agents — vRealize Log Insight has collection agents available to send files and event logs from Linux or Windows to vRealize Log Insight

  • Syslog — vRealize Log Insight can ingest data from any source via syslog. Just set the vRealize Log Insight server as your syslog destination.

  • CFAPI — Events are sent in their original format to vRealize Log Insight using cfapi. Events sent over cfapi do not have to follow the guidelines of a syslog event and are not modified to comply with the syslog RFC.

Each event contains the following information.

Type

Description

Timestamp

 

The time when the event occurred

Source

 

Where the event originated. This could be the originator of the syslog messages such as an ESXi host or a forwarder such as a syslog aggregation.

Text

 

The raw text of the event.

Fields

 

A name-value pair extracted from the event. Fields are delivered to the server as static fields only when an agent uses the CFAPI protocol.

Note:

vRealize Log Insight is not responsible for the content of the log messages from other VMware products. If you have a question about the log contents, contact the product team that generated the log message.