VMware Announces vCenter Log Insight

VMware continues to innovate and broaden their product portfolio by announcing an all-new product today, VMware vCenter Log Insight. Based on a modified version of the product they purchased in August of 2012 — see VMware Acquires Pattern Insight — the new vCenter Log Insight “enables you to easily perform advanced analytics on log data aggregated across your physical, virtualized and cloud infrastructure, leading to across the board improvements in IT metrics” (according to VMware).

The benefits for the Datacenter admin are:

• Improve security and compliance in the datacenter
• Improve troubleshooting for the virtual and physical infrastructure
• Monitor server, storage, network, and even application data events in greater detail than before
• Prevent the loss of historical event logs
• Correlate vSphere performance and capacity events with vSphere host and vCenter events

Here’s what vCenter Log Insight looks like:

I was fortunate enough to be given advanced access to it and I’ll summarize what I learned in the points below.

Top 10 Things to Know about vCenter Log Insight

1. Virtual Appliance Deployment

Log Insight is deployed as a virtual appliance so, like other VMware virtual appliances, getting up and running is quick and easy. There is no OS to install and no database to configure.

2. Tame Your Logs

Log insight works to consolidate and help you analyze log files from any device that supports syslog. Thus, Log Insight works for physical servers, storage, network device, and virtual machines. Log Insight could even work for any application that you configure to send data to the local syslog on a server (like a database or web server). Currently, these logs are probably overwritten when they fill up and rotate.

3. Cover Yourself

What if a security auditor said that they need to know who has logged into all the ESXi hosts, directly, for the past year? Likely, most VMware admins couldn’t produce that because it’s stored on each server and the logs are rotated and overwritten. With Log Insight you have a history of security events across all devices that you connect.

4. Built-In VMware Knowledge

By default, Log Insight already understands vCenter and ESXi log data and has pre-built dashboards to show the most relevant information.

5. Dashboards

Log Insight Dashboards are powerful and easily customizable.

6. Content Packs

Content packs are pre-built queries to be monitored and Log Insight makes it easy to download dashboards from vendors who will likely offer them and share content packs (that make up a dashboard) with friends.

7. Like Google for Your Logs

What if you have to search log files now? It’s horrific, right? What if you could get something like “Google for your datacenter logs”? I bet you’d like that better, right?

8. vCenter Operations Manager Integration

One of the things that makes Log Insight unique is the integration between vCOPS and Log Insight. By correlating your performance and capacity events with your system log events, you’ll much better be able to track down the root cause of problems in the virtual infrastructure.

9. Works for the Entire Datacenter

I really like that VMware is offering not just a virtual infrastructure log consolidation and analysis tool but a tool that works for the entire datacenter – servers, storage, networking – anything that supports syslog.

10. Better Pricing Model

VMware’s primary competitor in this market, Splunk, charges based on the amount of data that is logged. To me, this is a deterrent to logging and even using the product. Instead, VMware charges based on the number of servers connected (which seems more logical to me) no matter the amount of data that is stored.

Want to try it for yourself? vCenter Log Insight, in its 1.0 open beta form is available for download now. The “GA” version will be available in Q3 2013.

Stay tuned for more information about up upcoming TrainSignal video training course on how to use the new vCenter Log Insight! For more information from VMware on the new product, see: VMware Office of the CTO Blog – vCenter Log Insight.