VMware has announced a new version of VMware vCenter Log Insight, 2.0. It is more robust and faster, with log analysis time sped up by up to 80% and overall resolution times by up to 50 percent. The Web UI is fully HTML5 based. The product also adds a clustering approach in which several instances of vCenter Log Insight configured as a cluster can handle very large environments. You can have up to 6 nodes (soft limit only), where one is the “master” node and the other nodes operate in “worker” mode.
Principal features of the Clustering and Scale Out
- Single UI and Management Interface
- Up to 2Tb of live searchable data per node
- High availability in scale-out mode requires an external load balancer to tolerate node failures. If one of the nodes goes down, the current traffic can be redirected to the remaining nodes. Any product supporting the syslog protocol over TCP or UDP will do (NSX, vCNS, HI5, Riverbed, HA proxy, Internext…).
What’s new in VMware vCenter Log Insight 2.0:
- Improved Query Performance (up to 6x faster processing) and 8x faster than version 1.5 of Log Insight.
- Windows VMs – a very lightweight Windows agent which collects events from servers and desktops
- Predictive Analytics/Machine Learning – for faster problem resolution
- Tighter Integration with vCAC, NSX and Horizon View
- Integration with vCOPs Suite
- Extensibility with Content Packs – Log Insight marketplace
- Brocade SAN Content Pack – monitors syslog events from Brocade FC switches, generates alerts
Coming up:
Microsoft Exchange content pack, Microsoft AD content pack, MS Windows content pack.
The Collection Framework
There is a new RESTful ingestion API. The Windows agent can talk to vCenter Log Insight over the ingestion API, but can also use syslog. The ingestion API supports 1000s of concurrent clients.
The native Windows agent (runs as a Windows service) has a low memory and CPU footprint. It collects events from standard or custom Windows event channels, and also collects logs from flat files and directories. For Windows-based vCenter servers, which store logs in directories and files (not in Windows events), this can be a very useful way of collecting logs.
Installation is easy with an MSI file, which can be rolled out in a mass deployment via GPO. The centralized Log Insight server can then mass-configure those agents remotely via the ingestion API.
Windows Agent config possibilities
There is a config file (a simple text file) which changes the configuration of the agent. A few things can be changed through this config file: you can specify the character set (UTF-8 or UTF-16), the locale for a non-English OS, or which files you want to include or exclude (using star or question mark wildcards).
The server-based agent config can configure all agents en masse. It is worth mentioning that the agent has no dependencies like .NET (which is good, or I’d say perfect).
The goal is to make troubleshooting as simple as possible. With millions of events coming into Log Insight, VMware wants Log Insight to be more proactive. How does it work? Via automatic clustering.
- Automatic Clustering which clusters similar messages together
- Automatic Field Extraction – discover fields based on data types
- Everything Log Insight learns, it turns into a schema
Better User Interface – with Charts
You can choose from different chart types, and there is help for deciding which one to pick. It tells you which type of grouping or which type of function you must use to get a given chart type. Otherwise the chart is grayed out.
Message list table can have:
- show/hide columns
- Add to dashboard
- Additional chart types (Bar, Pie, Bubble)
Content Pack Enhancements
- Dashboard filters can be saved as a part of the content pack. When saved, the field you specify then cannot be changed in the content pack.
- You can add more filters yourself to a content pack.
- Widget linking can be useful for troubleshooting
New General Dashboard
The product comes with two content packs, one of which is for vSphere. This content pack has basic overviews of your environment, and its other menus give deeper insights into:
- General – Overview
- General – Inventory
- General – Security
- vCenter – Alarms
- vCenter – Tasks
- Storage – Overview
- Storage – SCSI latency/errors
- Storage – SCSI Sense Codes
- Storage – NFS
- Virtual Machine
Licensing is newly announced as CPU socket licensing, which means it is per physical CPU (per ESXi). Previously there was only OS image licensing. The announced US pricing is $1500 per CPU socket.
Product page – vCenter Log Insight