VMware Cloud Community
rgcda
Enthusiast
Enthusiast
Jump to solution

vSphere 5.5 and excessive logging

I installed Log Insight (version 1.5.0-1435442) several weeks ago and connected it to vCenter.  At that time we were running vCenter 5.5 and ESXi 5.1 U2.  Log Insight was picking up some stuff from vCenter that I was going to start looking at and appeared to be working fine.  I upgraded to vCenter 5.5 U1 and ESXi 5.5 U1 last Wednesday and the amount of data coming from that environment has increased exponentially.  The Log Insight appliance indicates that it's dropping 500 million events a day.  I don't really know where to begin with identifying what the issue is.  The vCenter and ESXi servers appear to be operating appropriately.  There seems to be an excessive amount of logging occurring.  The average ingestion rate is 2,847 per second and we only have 16 ESXi servers and vCenter, a couple of UCS pods, and vCOPS configured to send info to Log Insight.  From what I can tell there is barely anything coming from vCOPS and UCS.

Labels (1)
Reply
0 Kudos
1 Solution

Accepted Solutions
sflanders
Commander
Commander
Jump to solution

To address the drop issue you will need to increase the resources on the Log Insight virtual appliance. You will need at least 8 CPU, 16 GB of memory and 1000 IOPS to keep up with that load. Once you address the resource issue, go to the Interactive Analytics page and just below the chart, change from count of events over time to count of events by hostname. This will tell you which devices are generating the most events in your environment. I hope this helps!

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===

View solution in original post

Reply
0 Kudos
5 Replies
sflanders
Commander
Commander
Jump to solution

To address the drop issue you will need to increase the resources on the Log Insight virtual appliance. You will need at least 8 CPU, 16 GB of memory and 1000 IOPS to keep up with that load. Once you address the resource issue, go to the Interactive Analytics page and just below the chart, change from count of events over time to count of events by hostname. This will tell you which devices are generating the most events in your environment. I hope this helps!

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
Reply
0 Kudos
sflanders
Commander
Commander
Jump to solution

Does my answer address your question? If so, can you please mark this question as answered?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
Reply
0 Kudos
rgcda
Enthusiast
Enthusiast
Jump to solution

I didn't increase the size of the virtual machine because it was sized appropriately, but your answer was extremely helpful in helping me identify what ESXi host was spewing logging.  It ended up being a couple of ESXi hosts complaining about Active Directory and I rebooted them and the issue went away.  Thanks a lot.

Reply
0 Kudos
rgcda
Enthusiast
Enthusiast
Jump to solution

For some reason the buttons to mark the post as correct are not here?

Reply
0 Kudos
sflanders
Commander
Commander
Jump to solution

Glad it helped!


Appears to be a bug in IE, try a different browser Smiley Happy

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
Reply
0 Kudos