In Part 1 of this series we covered the simple installation and configuration of VMware vRealize Log Insight. In Part 2 we will cover how we can further configure and customise Log Insight via Content Packs in order to leverage further logging capabilities.
As mentioned in Part 1, one of the caveats of utilising this ‘free’ version of Log Insight (or more aptly, the 25 OSI license available to all vCenter Server licensees), is the ability to use VMware-only Content Packs. This is far from a bad thing and, as a result, enables us to integrate with other VMware products including NSX, Horizon, SRM, etc. In this article we will focus on the former product.
Similarly to my previous post where I configured all ESXi hosts to forward Syslog data to a our new Log Insight server via the Syslog.global.logHost attribute, the below steps will detail how to configure the NSX Manager, all NSX Controllers, as well as Distributed Logical Routers and Edge Service Gateways to do the same. For the most part, this is done simply via UI (DLRs, ESGs, and NSX Manager), however, configuration of the NSX Controllers is via REST API only. More on the latter item later.
Content Pack Installation – VMware NSX-vSphere
As far as the installation goes, that’s it. vRealize Log Insight is now ready to receive Syslog data from VMware NSX. To that end, we now need to configure all elements of NSX to forward this Syslog data.
First up, NSX Manager. Nice and easy, and configurable via a few simple steps.
NSX Distributed Logical Router & Edge Services Gateway
As above, another simple process for each of your DLRs and ESGs.
1. Browse to Networking & Security > NSX Edges and double-click into each of the Edges you wish to monitor. Remember, a 25 OSI limit is included with this basic license, therefore, if you have a high number of edges, which ones you choose to monitor will be down to you.
Configuration of the NSX Controllers is a little different as configuration is via REST API only. First of all, we need to identify our NSX Controller IDs in readiness for the configuration.
1. Identify Controller IDs by browsing to Networking & Security > Installation and Upgrade > Management. The Controller IDs can be identified under the Controller Node column (in the below example, these are controller-16, controller-17, and controller-19).
2. Via your REST client of choice (I’m using the Chrome-based Postman extension), the below payload will need to be sent to each of your NSX Controllers.
Content-Type = application/xml
<controllerSyslogServer> <syslogServer>SYSLOG_SERVER_IP</syslogServer> <port>514</port> <protocol>UDP</protocol> <level>INFO</level> </controllerSyslogServer>
3. Confirm the new configuration by a final GET request.
In conclusion, and as a result of adding both vSphere and NSX elements to Log Insight, you are now blessed with some very powerful data when it comes to either troubleshooting or environment tuning. Furthermore, if you utilise any other VMware products then please do take a look to see if a corresponding Content Pack exists, however, do keep in mind the 25 OSI.