VMware Cloud Community
Iwan_Rahabok
VMware Employee
VMware Employee
‎06-14-2013 11:29 PM
Jump to solution

How to add non vSphere source?

I've got it installed and it's monitoring 2 vCenters and 6 ESXi, and it's connected to VC Ops 5.7.1 also. LogInsight is working fine 🙂

I'm not able to find the way to add non VMware, such as physical storage or switches or OS (e.g. Windows).

Thanks from Singapore.

e1

e1
1 Solution

Accepted Solutions
sflanders
Commander
Commander
‎06-20-2013 06:31 AM
Jump to solution

1. Correct, besides vCenter Server events, tasks, and alarms and ESXi 4.x and greater you must configure the source directly.

2. This depends on what you are trying to achieve. You can filter based on source or hostname (could be different depending on if you are using an aggregation server) or you could filter by a pattern in the log messages if you can determine one for the device.

"These sources will not appear in Log Insight configuration as it's not configured from Log Insight." - I am not sure what you mean here, but the sources will appear in the interactive analytics page by default.

"I was expecting the configuration to be done from Log Insight so we can control what's coming." - Two things here, first there are way too many sources to support and in general syslog servers today do not typically configure sources for you. Second, you say you want to control whats coming - I assume you mean control what logs messages are and are not sent from the source? If so, this is not possible today, but I would ask why do you want to do that? In general, it is a best practice to send all of your logs as you may need them all to perform a RCA.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===

View solution in original post

0 Kudos
7 Replies
a_nut_in
Expert
Expert
‎06-16-2013 02:01 AM
Jump to solution

From

http://communities.vmware.com/servlet/JiveServlet/previewBody/23650-102-2-31673/log-insight-10-insta...

and

http://communities.vmware.com/servlet/JiveServlet/previewBody/23713-102-3-31651/VMware-vCenter-Log-I...

I do believe the only devices that Log Insight collects data from now and you can pair with are

1. ESX hosts (script is provided)

2. vCenter (GUI)

3. vCops (GUI)

Do remember to mark my post as "helpful" or "correct" if I've helped resolve or answer your query!
0 Kudos
IRIX201110141
Champion
Champion
‎06-16-2013 02:51 PM
Jump to solution

I have added some iDRAC and my EqualLogic Group and i can see the log entries in vCenter Log Insight. You have to create a filter based on "source" and choose "start with" to search for IP, or when you have a working reverse DNS, or the FQDN.

If you mark something in the text output you can extract a field to create a new group filter. I didnt find out how to use this in a custom dashboard but i dont havent take a look into the manual yet.

16040:9263:MgmtExec:16-Jun-2013 15:33:36.224028:targetAttr.cc:775:INFO::7.2.47:iSCSI login to target '172.22.149.xxx:3260, 
iqn.2001-05.com.equallogic:0-8a0906-dd2ab870c-f060017cd8750d06-grp-01-003-l' from initiator '172.22.149.xxx:61691, 
iqn.2011-08.local.example:esx-node-99' successful using standard-sized frames. NOTE: More than one initiator is now logged 
in to the target.

Regards,

Joerg

sflanders
Commander
Commander
‎06-16-2013 06:50 PM
Jump to solution

Log Insight can assist with events, task, and alarms from vCenter Server through vCenter Server integration (note - this does *not* include vCenter Server logs) and configuration of ESXi hosts via the configure-esxi command line tool. All other devices must be configured manually and are typically vendor specific. Log Insight is capable of handling an unstructured data, but only allows ingestion over the syslog protocol and more specifically ports 514/tcp, 514/udp, or 1514/ssl(tcp).

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
0 Kudos
MagnusB
VMware Employee
VMware Employee
‎06-18-2013 04:47 AM
Jump to solution

Hi. If you use a syslog agent in Windows then you can insert windows logs into Log Insight

Example of Syslog Agent: http://www.syslogserver.com/syslogagent.html

You don't get a nice overview that you get from vSphere but you can create custom views showing stuff from that windows source

...and of course point it to you Log Insight Appliance's IP address

/Magnus

sflanders
Commander
Commander
‎06-19-2013 08:58 PM
Jump to solution

Hey Iwan - did your question get answered? If so, can you mark it as answered?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
0 Kudos
Iwan_Rahabok
VMware Employee
VMware Employee
‎06-20-2013 01:29 AM
Jump to solution

Thanks everyone for the answer. So the procedure is seems to be:

1. Configure it at the source, not at LogInsight. So if you have an array, configure at the array to point to Log Insight IP address. No login required to pipe logs to Log Insight.

2. In Log Insight, create a filter based on the source IP address.

And here is an example. This one for a switch: http://www.virtualclouds.co.za/?p=753

These sources will not appear in Log Insight configuration as it's not configured from Log Insight. I was expecting the configuration to be done from Log Insight so we can control what's coming.

If my understanding is wrong, do correct me. Thanks again from Singapore!

e1

e1
0 Kudos
sflanders
Commander
Commander
‎06-20-2013 06:31 AM
Jump to solution

1. Correct, besides vCenter Server events, tasks, and alarms and ESXi 4.x and greater you must configure the source directly.

2. This depends on what you are trying to achieve. You can filter based on source or hostname (could be different depending on if you are using an aggregation server) or you could filter by a pattern in the log messages if you can determine one for the device.

"These sources will not appear in Log Insight configuration as it's not configured from Log Insight." - I am not sure what you mean here, but the sources will appear in the interactive analytics page by default.

"I was expecting the configuration to be done from Log Insight so we can control what's coming." - Two things here, first there are way too many sources to support and in general syslog servers today do not typically configure sources for you. Second, you say you want to control whats coming - I assume you mean control what logs messages are and are not sent from the source? If so, this is not possible today, but I would ask why do you want to do that? In general, it is a best practice to send all of your logs as you may need them all to perform a RCA.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
0 Kudos