vRealize Log Insight – Frequently Overlooked Centralised Log Management

    Log analysis has always been a standardised practice for activities such as root cause analysis or advanced troubleshooting when it comes to typical enterprise IT. However, ingesting and analysing these logs that originate from different devices, types, locations and formats, in a meaningful and a co-related way to provide an end to end troubleshooting can often be a challenge. In this post, we have a look at how VMware vRealize Log Insight can provide that intelligent log management and what it can deliver.

    What is it?

    VMware vRealize Log Insight (vRLI) is a product in the vRealize suite specifically designed for heterogeneous and scalable log management across physical, virtual and cloud-based environments. It is designed to be agnostic across what it can ingest logs from and is therefore a perfect candidate in any, public, private or a hybrid cloud IT environment where it can perform the log collection and analytical duties as a single pane of glass across the spectrum.

    With vRealize Log Insight, any customer with a vCenter Server Standard or higher license is entitled to a free 25 OSI pack for vRLI. OSI is known as “Operating System Instance” and is broadly defined as a managed entity which is capable of generating logs. For example, a 25 OSI pack license can be used to cover a vCenter server, a number of ESXi hosts and other devices covered either natively or via VMware Content Packs (with the exception of Custom and 3rd party content packs – standalone vRealize Log Insight license is required for this feature).

    Current Challenges

    Modern data centres and cloud environments are rarely consumed by homogeneous hybrid cloud solutions. Customers often use a number of different technologies from different vendors and operating systems, each aimed at one side of the Hybrid Cloud. With this comes a number of challenges:

    • The inconsistent format of log types – vCenter/ESXi uses syslog for logging, Windows has a bespoke method and various other infrastructure and user applications may simply write log data to a proprietary file in a specific format. This then requires a number of tools/skills to read, interpret and action from this data.
    • Silos of information – The decentralised nature of dispersed logging causes this information to be siloed in different areas. This can have an impact on resolution times for incidents and accuracy of root cause analysis.
    • Manual analysis – Simply logging information can be helpful, but the reason why this is required is to perform post incident analysis to aid in troubleshooting. In most legacy environments, this is a manual process performed by a number of different administrators, often in isolation.
    • Not scalable – As environments grow larger and more complex, having silos of differentiating logging types and formats becomes unwieldy to manage.
    • Cost – While the man hours used to perform manual analysis can be costly, the greatest cost to the business is from the increased downtime due to slow incident resolution time.
    • No correlation – Siloed logs doesn’t cater for any correlation of events/activities across an environment. This can greatly impede efforts in performing activities such as root cause analysis.

    Addressing Challenges With vRealize Log Insight

    VMware vRLI provides a unified, intelligent and an automated hybrid cloud log management engine across a typical hybrid cloud environment. Below are examples of how vRLI can address the aforementioned challenges.

    • Create structure from unstructured data – Collected data is automatically analysed and structured for ease of reporting.
    • Single pane of glass for logging – vRealize Log Insight centrally collates logs from a number of sources which can then be accessed through a single management interface.
    • Automatic analysis – Logs are collected in near real-time and alerts can be configured to inform users of potential issues and unexpected events.
    • Scalable – Advanced licenses of vRealize Log insight include additional features such as Clustering, High Availability, Event Forwarding and Archiving to facilitate a highly scalable, centralised log management solution. vRealize Log Insight is also designed to analyse massive amounts of log data.
    • Cost – Automatic analysis of logs and alerting can assist with reducing man-hours spent manually analysing logs, freeing up IT staff to perform other tasks.
    • Log Correlation – Because logs are centralised and structured events across multiple devices/services can be correlated to identify trends and patterns.


    vRealize Log Insight’s vendor neutral log analytics capabilities can be extended to 3rd party log generators by the use of content packs. Content packs are available from the VMware marketplace.

    Content packs are published either by VMware directly or from vendors to support their own devices/solutions. Examples include:

    • Apache Web Service
    • Brocade Devices
    • Cisco Devices
    • Dell | EMC Devices
    • F5 Devices
    • Juniper Devices
    • Microsoft Active Directory
    • Nimble Devices
    • VMware SRM

    Closing Thoughts

    It’s surprising how underused vRealize Log Insight is considering it comes bundled in as part of any valid vCenter Standard. The modular design of the solution allowing third-party content packs adds a massive degree of flexibility which is not common amongst other centralised logging tools and automatic co-relation of various different log entries from various different log sources help ensure the efficiency of troubleshooting. In a growing digital enterprise, often powered by hybrid cloud technologies with varying components with their proprietary logs, a centralised log management solution with built-in analytics such as vRealize Log Insight has the perfect potential to save many organisations costs and downtime and improve efficiencies.


    Why not read 'VMware Cloud on AWS – An architect’s thoughts'?