You can view system and user-defined alerts and check whether their notifications are activated. You can activate or deactivate multiple system and user-defined alerts, and set up email and webhook notifications for multiple user-defined alerts. You can also view the history of user-defined alerts.
Prerequisites
- Verify that you are logged in to the vRealize Log Insight web user interface, for which the URL format is https://log_insight-host. Here, log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
- Verify that your user account is associated with a role that has the relevant permissions for alerts.
If your user account is assigned a role with view access to alerts (for example, the User role), you can view and manage all the alerts in your organization.
If your user account is assigned a role with edit or full access to alerts (for example, the Super Admin role):
- You can activate or deactivate all the system alerts in your organization.
- You can create, modify, and remove all the user-defined alerts in your organization.
For information about roles, see Create and Modify Roles in Administering vRealize Log Insight.
Procedure
Example: Activate an Alert from the VMware - vSphere Content Pack
The VMware - vSphere content pack contains several predefined alert queries, including the ESXi: Stopped logging alert.
Enabling the ESXi: Stopped logging alert is a good practice, because certain versions of ESXi hosts might stop sending syslog data when you restart vRealize Log Insight. This alert monitors for the vCenter Server event esx.problem.vmsyslogd.remote.failure to detect if there is an ESXi host that has stopped sending syslog feeds.
- Navigate to Alerts > Alerts Definition.
- Search for the VMware - vSphere content pack alert *** CRITICAL *** ESXi: Stopped logging and click the alert name.
- Click the Edit icon in the upper-right corner.
- Activate email notifications, webhook notifications, or vRealize Operations notification events.
- Click Enable.
To detect only ESXi hosts that stop sending feeds to your instance of vRealize Log Insight, add the following filter to the alert query and save the new query to your alerts: vc_remote_host (VMware - vSphere) contains <log-insight-hostname>
For details about syslog problems and solutions, see the Knowledge Base article VMware ESXi 5.x host stops sending syslogs to the remote server (2003127) at https://kb.vmware.com/kb/2003127.