Setting up a Splunk Server to Monitor a VMware Environment

Version 1

    Introduction

    Gathering and maintaining log files is an important part of a server administrator's duties. Using a centralized logging server, such as a syslog server, offers several benefits. The log files become useful for troubleshooting purposes, if needed. Also, keeping an unaltered set of logs in a different location can aid in forensic activities after an attack.

     

    This document explains how to set up Splunk for monitoring a VMware Environment. This includes monitoring the ESX/ESXi Server logs, the vCenter Server Logs and some of the add-on services to vCenter. It also includes generic event logging for Windows and Linux guest operating systems.

     

    Intended Audience

    VMware Certified Professionals, System Management / Sysadmin / Operations

     

    Outline

    1. Requirements

    2. Preparing the Splunk Server

    3. Installing Splunk Server

    4. Setting up ESX Servers and Linux VMs for Monitoring

    5. Setting up ESXi Servers for Monitoring

    6. Setting up vCenter Servers and Windows VMs for Monitoring

    7. Adding Miscellaneous Log Files to Splunk for Monitoring

     

    Resources

     

     

    Author

    David Convery, VMware vExpert 2009

     

    Also check out http://www.dailyhypervisor.com/

    Disclaimer

    You use this proven practice at your discretion. VMware, http://www.dailyhypervisor.com and the author do not guarantee any results from the use of this proven practice. This proven practice is provided on an as-is basis and is for demonstration purposes only.