VMware continues to innovate and broaden their product portfolio by announcing an all-new product today, VMware vCenter Log Insight. Based on a modified version of the product they purchased in August of 2012 — see VMware Acquires Pattern Insight — the new vCenter Log Insight “enables you to easily perform advanced analytics on log data aggregated across your physical, virtualized and cloud infrastructure, leading to across the board improvements in IT metrics” (according to VMware).
The benefits for the Datacenter admin are:
Improve security and compliance in the datacenter
Improve troubleshooting for the virtual and physical infrastructure
Monitor server, storage, network, and even application data events in greater detail than before
Prevent the loss of historical event logs
Correlate vSphere performance and capacity events with vSphere host and vCenter events
I was fortunate enough to be given advance access to it and I’ll summarize what I learned in the points below.
Top 10 Things to Know about vCenter Log Insight
1. Virtual Appliance Deployment
Log Insight is deployed as a virtual appliance so, like other VMware virtual appliances, getting up and running is quick and easy. There is no OS to install and no database to configure.
2. Tame Your Logs
Log Insight consolidates and helps you analyze log files from any device that supports syslog. Thus, Log Insight works for physical servers, storage, network devices, and virtual machines. Log Insight could even work for any application that you configure to send data to the local syslog on a server (like a database or web server). Currently, these logs are probably overwritten when they fill up and rotate.
3. Cover Yourself
What if a security auditor said that they need to know who has logged into all the ESXi hosts, directly, for the past year? Likely, most VMware admins couldn’t produce that because the login records are stored on each server and the logs are rotated and overwritten. With Log Insight you have a history of security events across all devices that you connect.
4. Built-In VMware Knowledge
By default, Log Insight already understands vCenter and ESXi log data and has pre-built dashboards to show the most relevant information.
5. Dashboards
Log Insight Dashboards are powerful and easily customizable.
6. Content Packs
Content packs are pre-built queries to be monitored. Log Insight makes it easy to download dashboards from vendors, who will likely offer them, and to share content packs (which make up a dashboard) with friends.
7. Like Google for Your Logs
What if you have to search log files now? It’s horrific, right? What if you could get something like “Google for your datacenter logs”? I bet you’d like that better, right?
8. vCenter Operations Manager Integration
One of the things that makes Log Insight unique is the integration between vCOPS and Log Insight. By correlating your performance and capacity events with your system log events, you’ll be much better able to track down the root cause of problems in the virtual infrastructure.
9. Works for the Entire Datacenter
I really like that VMware is offering not just a virtual infrastructure log consolidation and analysis tool but a tool that works for the entire datacenter – servers, storage, networking – anything that supports syslog.
10. Better Pricing Model
VMware’s primary competitor in this market, Splunk, charges based on the amount of data that is logged. To me, this is a deterrent to logging and even using the product. Instead, VMware charges based on the number of servers connected (which seems more logical to me) no matter the amount of data that is stored.
Stay tuned for more information about the upcoming TrainSignal video training course on how to use the new vCenter Log Insight! For more information from VMware on the new product, see: VMware Office of the CTO Blog – vCenter Log Insight.