What's in the Release NotesThe notes cover the following topics:
- About vRealize Log Insight
- What's New
- Upgrading from a Previous Release
- Internationalization Support
- Resolved Issues
- Known Issues
About vRealize Log Insight
vRealize Log Insight delivers the best real-time and archive log management, especially for VMware environments. Machine learning-based Intelligent Grouping and high-performance search enables faster troubleshooting across physical, virtual, and cloud environments. vRealize Log Insight can analyze terabytes of logs, discover structure in unstructured data, and deliver enterprise-wide visibility using a modern web interface.
For more information, see the vRealize Log Insight product documentation at https://docs.vmware.com/en/vRealize-Log-Insight/index.html.
vRealize Log Insight Server
Here are some of the key highlights of vRealize Log Insight 8.1 that will help you leverage log data more quickly, accurately, and powerfully than ever before:
- Enhanced user experience: New styling, icons, header, and fonts aligned with the rest of the vRealize Suite, and navigation to content packs and administration through tabs.
- URL-based unauthenticated dashboard sharing: Share read-only dashboards with any member of your organization through a URL, hence removing barriers in communication and information sharing with key stakeholders.
- Variable retention by log type: Different types of log data might need different retention periods. You can create and enable a data partition with a filter and a retention period of your choice.
- Expanded horizontal scale: The maximum number of nodes in a cluster has increased from 12 to 18, helping scale your large environments more effectively and reducing administrative overhead.
- Send log count as metrics to vRealize Operations Manager: When vRealize Operations Manager is integrated with vRealize Log Insight and metric calculation is enabled, vRealize Log Insight calculates the number of logs, warnings, and errors and sends them as metrics to vRealize Operations Manager.
- Log management for vSphere Kubernetes Service with vCenter 7.0: Monitor events for vCenter 7.0 with added capability for integrated Kubernetes platform around workloads, services, and components.
- Unlimited log export management: Perform multiple parallel export tasks and monitor the progress of export tasks.
- Content packs: New Linux-systemd content pack for Photon 3.0, RedHat 7.3, SLES 15, and Ubuntu 18.04 operating systems.
vRealize Log Insight Agent
vRealize Log Insight Agent is now open sourced. You can download the agent and importer in the vRealize Log Insight download page under Drivers & Tools, when you open the tools SDK download page.
vRealize Log Insight 8.1 supports the following VMware products and versions:
- vRealize Log Insight can pull events, tasks, and alarms data from VMware vCenter Server 6.0 or later.
- You can integrate vRealize Log Insight 8.1 with vRealize Operations Manager version 8.0.1 or later.
vRealize Log Insight 8.1 supports the following browser versions. More recent browser versions also work with vRealize Log Insight, but have not been validated.
- Mozilla Firefox 72.0 and above
- Google Chrome 78.0 and above
- Safari 11.1 and above
- Internet Explorer 11.0 and above
Note: Internet Explorer Document mode must be used in Standards Mode. Other modes are not supported. The Compatibility View browser mode is not supported.
The minimum supported browser resolution is 1280 by 800 pixels.
Important: Cookies must be enabled in your browser.
The vRealize Log Insight 8.1 Windows agent supports the following versions:
- Windows 7, Windows 8, Windows 8.1, and Windows 10
- Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
The vRealize Log Insight Linux agent supports the following distributions and versions:
- RHEL 5, RHEL 6, and RHEL 7
- SUSE Enterprise Linux (SLES 11 SP3) and SLES 12 SP1
- Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04
- VMware Photon, version 1 revision 2, version 2, and version 3
vRealize Log Insight 8.1 has the following limitations:
- vRealize Log Insight does not handle non-printable ASCII characters correctly.
- vRealize Log Insight does not support printing. However, you can use the Print options of your browser. The printed results might vary depending on the browser that you use. We recommend Internet Explorer or Firefox for printing portions of the vRealize Log Insight user interface.
- The hosts table might display devices more than once with each in a different format, including some combination of IP address, hostname, and FQDN. For example, a device named foo.bar.com might appear as both foo and foo.bar.com.
The hosts table uses the hostname field that is defined in the syslog RFC. If an event sent by a device over the syslog protocol does not have a hostname, vRealize Log Insight uses the source as the hostname. This might result in the device being listed more than once because vRealize Log Insight cannot determine if the two formats point to the same device.
Adding a new data partition or deleting an existing one requires a cluster restart (restarting cluster nodes one by one) for the new configuration to become effective. However, changes in the routing filter, enabled status, and retention period for existing data partitions apply immediately (restarting the cluster is not required).
vRealize Log Insight Windows and Linux Agents
- Non-ASCII characters in hostname and source fields are not delivered correctly when vRealize Log Insight Windows and Linux agents are running in syslog mode.
vRealize Log Insight Windows Agent
- The vRealize Log Insight Windows agent is a 32-bit application and all its requests for opening files from C:\Windows\System32 sub-directories are redirected by WOW64 to C:\Windows\SysWOW64. However, you can configure the vRealize Log Insight Windows agent to collect from C:\Windows\System32 by using the special alias C:\Windows\Sysnative. For example, to collect logs from their default location for the MS DHCP Server, add the following line to the corresponding section of the vRealize Log Insight Windows agent configuration file: =C:\Windows\Sysnative\dhcp.
vRealize Log Insight Linux Agent
- Due to an operating system limitation, the vRealize Log Insight Linux agent does not detect network outages when configured to send events over syslog.
- The vRealize Log Insight Linux agent does not support non-English (UTF-8) symbols in field or tag names.
- The vRealize Log Insight Linux agent collects hidden files and directories by default. To prevent this, you must add an exclude=.* option to every configuration section. The option exclude uses the glob pattern .* which represents hidden file format.
- When standard output redirection to a file is used to produce logs, the vRealize Log Insight agent might not correctly recognize event boundaries in such log files.
vRealize Log Insight Integrations
Launch in context, both from vRealize Log Insight and vRealize Operations, does not work for a virtual machine when the IP address of the virtual machine is not visible to the vRealize Operations instance and is not shown by the vCenter on the virtual machine's VM Summary tab. The IP address might be unavailable because of the absence of the vmware-tools utility. Older, unsupported versions or malfunctioning vmware-tools can also cause the IP address to become unavailable.
Ensure that a proper version of VMware Tools is installed on the virtual machine and that the VM Summary tab of the vCenter displays the IP address of the virtual machine.
Keep in mind the following considerations when upgrading to this version of vRealize Log Insight.
You can upgrade to vRealize Log Insight 8.1 from 8.0 or directly from 4.8.
Important Upgrade Notes
- To upgrade to vRealize Log Insight 8.1, you must be running vRealize Log Insight 8.0 or 4.8.
- When performing a manual upgrade, you must upgrade workers one at a time. Upgrading more than one workers at the same time causes an upgrade failure. When you upgrade the master node to vRealize Log Insight 8.1, a rolling upgrade occurs unless specifically disabled.
- Upgrading must be done from the master node's FQDN. Upgrading with the Integrated Load Balancer IP address is not supported.
- vRealize Log Insight does not support two-node clusters. Add a third vRealize Log Insight node of the same version as the existing two nodes before performing an upgrade.
- If the vRealize Log Insight upgrade (.pak file) has a new JRE version, the user-installed certificates in a vRealize Log Insight setup (such as for event forwarding) become invisible after upgrade.
- If integration destinations provide untrusted certificates for SSL connections, their integration with vRealize Log Insight does not work correctly after an upgrade because the certificates are not added to the truststore. These integration destinations include vSphere, vRealize Operations Manager, event forwarder, Active Directory, and SMTP. As a workaround, in each integration configuration page, test the connection and accept the untrusted SSL certificate if a dialog box appears with the details of the certificate. Accepting the certificate adds it to the truststore.
- Photon OS has improved security policies, which might require you to change the root password after a successful upgrade to Photon OS. This happens only when the root password in SLES expired, but unlike Photon OS, SLES OS did not enforce the update.
- The sshd customized service configuration (/etc/ssh/sshd_config) resets to its default when you upgrade the SLES-based vRealize Log Insight 4.8 to the latest Photon-based vRealize Log Insight. As a workaround, save the /etc/ssh/sshd_config configuration before upgrading and then reconfigure manually after upgrade.
- Photon OS has strict rules for the number of simultaneous ssh connection. Because the MaxAuthtries value is set to 2 by default in the /etc/ssh/sshd_config file, the ssh connection to your vRealize Log Insight virtual appliance might fail in the presence of multiple connections, with the following message: "Received disconnect from xx.xx.xx.xxx port 22:2: Too many authentication failures". You can use any of the following workarounds for this issue:
- Use the IdentitiesOnly=yes option while connecting via ssh: #ssh -o IdentitiesOnly=yes user@ip
- Update the ~/.ssh/config file to add: Host* IdentitiesOnly yes
- Change the MaxAuthtries value by modifying the /etc/ssh/sshd_config file and restarting the sshd service.
- Before starting the upgrade from a vRealize Log Insight 4.8 cluster to 8.1, verify that each node has enough free space in the root partition. For more information, see https://kb.vmware.com/s/article/76282.
vRealize Log Insight 8.1 includes the following localization features.
- The vRealize Log Insight server web user interface is localized to Japanese, French, Spanish, German, Simplified Chinese, Traditional Chinese, and Korean.
- The vRealize Log Insight server web user interface supports Unicode data, including machine learning features.
- vRealize Log Insight agents work on non-English native Windows.
- The agent installer and content pack are not localized. Parts of the vRealize Log Insight server Web user interface might still show non-localized strings and have layout issues.
- vRealize Log Insight is interoperable with localized versions of vCenter Server and vRealize Operations Manager. However, Content Packs depend on matching non-localized log messages. vCenter Server events are retrieved in its default locale, which should be set to en_US. For more information, see http://kb.vmware.com/kb/2121646.
- Integration with Active Directory, vSphere, and vRealize Operations Manager for user names with non-ASCII characters is not supported.
- Localization of event logs is not supported. Event logs support UTF-8 and UTF-16 character encoding only.
- A fresh deployment of vRealize Log Insight 8.1 shows only the English version of the end-user license agreement (EULA).
The following issues have been resolved in this release.
- Agents not available for a long time remain in the Agents page
Agents that are not available for a long time remain in the Administration > Agents page.
Now, only active agents are displayed in this page. The default activity period for agents is three months.
- Trusted certificates do not propagate to cluster nodes
If vIDM is not enabled, trusted certificates accepted from the vRealize Log Insight user interface do not propagate to the cluster nodes.
- Truststore password is corrupted
The truststore password is corrupted when certificates are accepted from the vRealize Log Insight user interface.
The following known issues are present in this release.
- Virtual Center (VC) events collection is delayed
After a restart of the vRealize Log Insight service or a cluster upgrade, Virtual Center (VC) events collection might be delayed if a large number of VC's are integrated.
Workaround: Events are automatically restored as collected after a sufficient amount of time. The length of time depends on your environment. For example, for 80 VCs on a cluster with four nodes, the delay would be an hour.
- Deletion of the vRealize Operations integration fails
If vRealize Log Insight was previously integrated with a vRealize Operations instance but that integration has become unreachable, it is not possible to force a removal of the integration.
Workaround: Refresh and try removing the integration again.
- vRealize Log Insight cannot authenticate users and groups from a second trusted Active Directory when a two-way trust is configured
When an Active Directory is configured with a two-way trust with another Active Directory, vRealize Log Insight cannot authenticate users and groups of the second trusted Active Directory.
Workaround: Use vIDM, which is directly integrated with both Active Directories.
- Collection from some of directories will not take place if they were created before agent start or re-configuration event.
If a new directory is being created after re-configuration of the Agent collection of newly created directories will not happen
Workaround: To start directory monitoring, restart the service or update agent configuration with the liagent.ini file or from the Server Admin Agents page.
- No automatic upgrade for vRealize Log Insight Agent on Photon OS
You cannot perform an automatic upgrade for vRealize Log Insight Agent on Photon OS because Photon OS does not support the gpg command.
Workaround: Perform a manual upgrade.
- SMTP configurations might not work for public mail servers through IPv6
SMTP configurations might not work with public e-mail services such as Google and Yahoo, because these services might leverage tighter restriction policies for IPv6.
Workaround: Use an alternative mail server such as your corporate mail server, or bring up a dedicated server.
- Integrating VMware Identity Manager with vRealize Log Insight through IPv4 changes the redirect URL host to IPv6 address
If you select the option to prefer IPv6 addresses when you deploy a vRealize Log Insight virtual appliance, the redirect URL host list is populated by IPv6 node addresses while integrating with VMware Identity Manager, which does not support IPv6.
Workaround: Create a spare IPv4 VIP for the integration of vRealize Log Insight with VMware Identity Manager.
- Default task name cannot be used for exporting more than 20,000 events
When you export more than 20,000 events, you cannot use the default export task name that is displayed.
Workaround: Use a custom export task name with alphanumeric characters.
- Layout issues in Internet Explorer 11.0
In Internet Explorer 11.0, there are layout issues for the user icon in the header and chart legend list display, on the Dashboards and Interactive Analytics tabs.
Workaround: See https://kb.vmware.com/s/article/78592 for the workaround.
- VMware Marketplace content packs and content pack updates are not displayed when you access vRealize Log Insight by using an FQDN
When you log in to the vRealize Log Insight user interface by using its FQDN, on the Content Packs tab, the Marketplace and Updates pages under Content Pack Marketplace do not display information about the content packs that you can install or deploy directly from VMware Marketplace.
A wrong configuration of the method for the authorization of vRealize Log Insight with VMware Marketplace causes a failure to authorize the internal vRealize Log Insight user with VMware Marketplace when using FQDNs.
Workaround: See https://kb.vmware.com/s/article/78822 for the workaround.