How To, Virtualization Software, VMware

How to Install VMware Log Insight 1.5

Last year VMware released their solution for log management and analytics for both hosts and guests within your environment.  Log Insight collects real time log events, such as critical errors or authentication issues, from physical and virtual machines.  It then allows you to search them in an intelligent way as well as be alerted via email, SNMP, or through the vCenter Operations Manager product.

Recently they released Log Insight 1.5 (Download here) with many improvements such as Active Directory authentication, unique count function, optimization of common search queries, and other UX improvements.  They’ve also made it easier to collect logs from the ESXi servers.  In this blog we’ll go through the upgrade process and take a look at some of the new features.

If you’re upgrading Log Insight, as I will be in this blog, you need to download the RPM from VMware.  Log Insight is a linux based virtual appliance.  If you do not have the appliance already, you will need to download the OVA file and deploy that through vCenter.  Log Insight can be used with vCenter Server and ESXi versions 4.0 and above.  If you’re planning on using it with vCops then you need at least the Standard edition version 5.6 or higher.

Since we’re running Log Insight 1.0 in this example upgrading from the Web UI is not a possibility so we need to connect to the console via SSH or from the vCenter console.  You will only be able to use SSH if you’ve changed the original root password.  We’ll need to download the RPM as mentioned previously from VMware.com.  Then we’ll use SCP to copy the RPM to our virtual appliance.  I like to use WinSCP.

Once you’ve copied the file in to a location on the virtual appliance get on the console and run the following commands.

1.  Turn off the Log Insight service by typing: service loginsight stop

2.  Go to the directory where you saved the upgrade RPM and type: rpm –Uvh loginsight-cloudvm-<version>-<build>-x86.64.rpm

3.  To restart the Log Insight service type: service loginsight start

You can now login to the Web UI to see the newly upgraded version.  If you check under About you can verify you’re on the correct version.  You’ll also see the new capability to upgrade from the Web UI for future releases.

If you’re interested in implementing Active Directory authentication we can do that now as well.  Click on the settings icon in the top right and then select Administration.  Then select Authentication in the left pane.  Put a check next to Enable Active Directory support and fill out the information appropriately for your domain.  Then click Test Connection to verify you can connect.  Then we’ll finally click Save.

Once you’ve enabled Active Directory you can add new users from your domain by clicking on Users on the left.  Then click New User or New group and enter the user or group you’d like to add as either a Normal User or Admin.

If you look at the dashboards you’ll notice right away that there are more options than in the previous version such as the Advanced Features which shows us various things about HA and DRS events for example.  It also gives us insight into vMotions.

We also see a category for monitoring networking and firewalls, more storage categories and it’s all separated out in a more intuitive way.

If you click on the Settings icon again then click on Content Packs you’ll see that’s changed a bit as well.  They’re now more easily created and downloaded.  There are more content packs available through the VMware Solution Exchange site as well.

This isn’t a major release for Log Insight but it’s no longer a 1.0 product.  They’ve made some nice improvements to the UI and as far as log management products go it’s relatively easy to start using right away.