VMware vRealize Log Insight Adding Windows Servers

In the last post we went through querying logs using the different filter options and how to create a dashboard using the queries in vRealize Log Insight (vRLI).

Part 1: VMware vRealize Log Insight Install and Configure – TheSleepyAdmins

Part 2: VMware vRealize Log Insight AD Authentication and Role Based Access – TheSleepyAdmins

Part 3: VMware vRealize Log Insight Query Logs and Creating Dashboards – TheSleepyAdmins

In this post we will go through adding a Windows server agent and adding the content pack.

To add a server, we first need to download the agent: log on to vRLI, go to Administration > Agents and click on Download Log Insight Agent.

Select the required agent to be downloaded.

Once downloaded, copy the installer to the server and run it.

Enter the FQDN or IP address of the vRLI server if it is not already there and click install.

To install the agent from the command line, the command below can be used; just update the path and MSI file name.

Path to msi\VMware-Log-Insight-Agent-8.2.0-16776561_*.msi /quiet

You can also add some command line switches to change the default install:

Path to msi\VMware-Log-Insight-Agent-8.2.0-16776561_*.msi SERVERHOST=LAB-vRLI.thesleepyadmin.local LIAGENT_AUTOUPDATE=yes /quiet /lxv* vRLI_Agent_install.log

Command-line Options for vRealize Log Insight Agent Installation on Linux (vmware.com)
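
A scripted version of the silent install above, as an added example that is not from the original post or from VMware: it checks the MSI's Authenticode signature before installing, then runs the same switches through msiexec and checks the exit code. The parameter names and the default log path are assumptions; SERVERHOST and LIAGENT_AUTOUPDATE are the installer options shown above.

```powershell
# Added example (not from the original post): verify the agent MSI, install it
# silently, and fail loudly if the installer reports an error.
# Parameter names and the default log path are assumptions for illustration.
param(
    [Parameter(Mandatory)] [string] $MsiPath,
    [string] $ServerHost = 'LAB-vRLI.thesleepyadmin.local',
    [string] $LogPath    = "$env:TEMP\vRLI_Agent_install.log"
)

$ErrorActionPreference = 'Stop'

# Resolve a wildcard in the file name to exactly one MSI.
$msi = @(Get-Item -Path $MsiPath)
if ($msi.Count -ne 1) { throw "Expected one MSI, found $($msi.Count) for '$MsiPath'." }
$msi = $msi[0]

# Refuse to install a package whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $msi.FullName
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for $($msi.Name): $($sig.Status)"
}
# Print the signer so it can be compared with the expected publisher.
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# Same switches as the command line above, run through msiexec so the
# exit code is available to the script.
$msiArgs = @(
    '/i', "`"$($msi.FullName)`"",
    "SERVERHOST=$ServerHost",
    'LIAGENT_AUTOUPDATE=yes',
    '/quiet',
    '/lxv*', "`"$LogPath`""
)
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success but a reboot is required; anything else failed.
switch ($proc.ExitCode) {
    0       { Write-Host 'Agent installed.' }
    3010    { Write-Host 'Agent installed; reboot required.' }
    default { throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath" }
}
```

Run it from an elevated PowerShell session on the target server, passing the path to the downloaded MSI as -MsiPath.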

Once installed, the agent should now show under the agent tab in vRLI.

Next we need to add the Windows content pack to vRLI. Go to Content Packs and search for Microsoft Windows.

Click on the content pack and install.

Now that the content pack is added, we can copy the Microsoft – Windows template to a new group so that it's assigned to Windows agents.

Select copy template.

Give the agent group a name and description.

Once copied, you can change the settings if required or turn off some events if they're not required; in this post we will be leaving them as default.

Add a filter so that the Windows servers are added to the agent group. This can be done by Hostname, IP, OS or version.

Click save new group to finish.

It can take a little while for the agent configuration to update and for events to start being sent.

Once they do start to send events you should see the counters update.

We can now go to Interactive Analytics and query the event logs.

If there are application-specific event logs that need to be added, they can be added to the existing group or a different agent group can be created.

To add additional event logs to the existing agent group, go back to the agent group.

Go to build and on Windows Event Log click new.

Give the Windows Event Log a name.

Copy the event log name from Windows event viewer and put this under Windows Event Log Channel in vRLI.

Click save agent group.

Once a task is run, the events should show in vRLI.

This concludes the series on vRealize Log Insight. Going through it shows that Log Insight is a good tool for centrally managing and monitoring system logs and events, and that it can be used for VMware, Windows and Linux servers. I hope that this series of posts has been helpful.
