In Part 1 of this series we covered the simple installation and configuration of VMware vRealize Log Insight. In Part 2 we will cover how we can further configure and customise Log Insight via Content Packs in order to leverage further logging capabilities.

As mentioned in Part 1, one of the caveats of utilising this ‘free’ version of Log Insight (or more aptly, the 25 OSI license available to all vCenter Server licensees) is that only VMware Content Packs can be used. This is far from a bad thing, as it still enables us to integrate with other VMware products including NSX, Horizon, SRM, etc. In this article we will focus on the first of these, NSX.

Similarly to my previous post where I configured all ESXi hosts to forward Syslog data to our new Log Insight server via the Syslog.global.logHost attribute, the below steps will detail how to configure the NSX Manager, all NSX Controllers, as well as Distributed Logical Routers and Edge Service Gateways to do the same. For the most part, this is done simply via the UI (DLRs, ESGs, and NSX Manager); however, configuration of the NSX Controllers is via REST API only. More on the latter later.

Content Pack Installation – VMware NSX-vSphere

1. Browse to Settings > Content Packs > Content Pack Marketplace > Marketplace.
2. From the grid of Content Packs, select VMware – NSX-vSphere.

3. When presented with the Install Content Pack window, review the information and, when ready, click Install.

4. Review the Setup Instructions and click OK.

As far as the installation goes, that’s it. vRealize Log Insight is now ready to receive Syslog data from VMware NSX. To that end, we now need to configure all elements of NSX to forward this Syslog data.

NSX Manager

First up, NSX Manager. Nice and easy, and configurable via a few simple steps.

1. Log in to NSX Manager.
2. Click Manager Appliance Settings.

3. Under the Syslog Server section, click Edit.

4. Enter the FQDN/IP Address of your vRealize Log Insight server, Port (default 514), and Protocol (UDP). When complete, click OK.

NSX Distributed Logical Router & Edge Services Gateway

As above, another simple process for each of your DLRs and ESGs.

1. Browse to Networking & Security > NSX Edges and double-click into each of the Edges you wish to monitor. Remember, a 25 OSI limit is included with this basic license, therefore, if you have a high number of edges, which ones you choose to monitor will be down to you.

2. Browse to Manage > Settings > Configuration and, under the Details section, click Change next to the Syslog Servers.

3. Enter the FQDN/IP Address of your vRealize Log Insight server, and select the protocol. When complete, click OK.

NSX Controllers

Configuration of the NSX Controllers is a little different as configuration is via REST API only. First of all, we need to identify our NSX Controller IDs in readiness for the configuration.

1. Identify Controller IDs by browsing to Networking & Security > Installation and Upgrade > Management. The Controller IDs can be identified under the Controller Node column (in the below example, these are controller-16, controller-17, and controller-19).

2. Via your REST client of choice (I’m using the Chrome-based Postman extension), the below payload will need to be sent to each of your NSX Controllers.

POST

CUSTOM HEADERS

REQUEST BODY

3. Confirm the new configuration by a final GET request.

GET
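
As an added example (not the original post's payload and not VMware's own code), the Python script below carries out steps 2 and 3 for each Controller ID by calling NSX Manager. The endpoint path, XML element names and INFO level are assumptions taken from VMware's NSX for vSphere API guide rather than from this page; the host names are constructed, and NSX_USER/NSX_PASSWORD are hypothetical environment variables.

```python
import base64
import os
import re
import ssl
import urllib.request
from xml.sax.saxutils import escape

CONTROLLER_ID = re.compile(r"controller-\d+")  # e.g. controller-16

def build_syslog_request(manager, controller_id, server, port=514, protocol="UDP"):
    """Return (url, xml_body) for one controller; nothing is sent here."""
    if not CONTROLLER_ID.fullmatch(controller_id):
        raise ValueError(f"unexpected controller ID: {controller_id!r}")
    if not 0 < int(port) < 65536:
        raise ValueError(f"invalid port: {port!r}")
    # Path and element names: assumed from VMware's NSX for vSphere API guide.
    url = f"https://{manager}/api/2.0/vdn/controller/{controller_id}/syslog"
    body = (
        "<controllerSyslogServer>"
        f"<syslogServer>{escape(server)}</syslogServer>"
        f"<port>{int(port)}</port>"
        f"<protocol>{escape(protocol)}</protocol>"
        "<level>INFO</level>"
        "</controllerSyslogServer>"
    )
    return url, body

def send(url, user, password, body=None):
    """POST when a body is given, otherwise GET to confirm the setting."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url,
        data=body.encode() if body else None,
        method="POST" if body else "GET",
        headers={"Authorization": f"Basic {token}", "Content-Type": "application/xml"},
    )
    ctx = ssl.create_default_context()  # certificate verification stays on
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return resp.status, resp.read().decode()

if __name__ == "__main__":
    manager, target = "nsxmanager.example.local", "loginsight.example.local"  # constructed names
    user, password = os.environ.get("NSX_USER", "admin"), os.environ.get("NSX_PASSWORD")
    for cid in ("controller-16", "controller-17", "controller-19"):  # IDs from step 1
        url, body = build_syslog_request(manager, cid, target)
        if password is None:  # dry run: show what would be sent
            print("POST", url, body, sep="\n")
        else:
            print(send(url, user, password, body), send(url, user, password))
```

Run without NSX_PASSWORD set, the script only prints the requests it would send; with it set, each POST is followed by the confirming GET over certificate-verified TLS.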

In conclusion, having added both vSphere and NSX elements to Log Insight, you are now blessed with some very powerful data when it comes to either troubleshooting or environment tuning. Furthermore, if you utilise any other VMware products, please do take a look to see if a corresponding Content Pack exists; however, do keep the 25 OSI limit in mind.

Further Information