As first thing bookmark the VMware vCenter Log Insight documentation.
Log Insight installation is a quite straightforward process. Download the OVA file from VMware.com and deploy it in the classic way.
During deployment you will be prompted to choose your deployment size. As discussed in previous article deployment size is related to how much data Log Insight is capable to ingest in a certain amount time. This obviously directly influences the requested CPU number and RAM size to support this certain kind of workload. Please note that the Extra Small configuration option is not supported in production but is only suited for demonstrations only.
Configure IP address, proper subnet mask, gateway, DNS and appliance root password.
Before continuing let's have a brief look at how Log Insight stores data. Once OVF has been deployde if you edit Log Insight virtual machine you will see something similar to this:
Three hard disks are used to store operating system data, application logs and, finally, logs and indexes received by Log Insight. By default, if Small configuration is used, application logs and data are stored in an LVM formatted 120GB disk.
/storage/core is where logs and indexes are stored. This volume can be increased by simply editing the virtual appliance hard disk size. When Log Insight is powered back on LVM will be automatically expanded and will reflect the new size.
Once Log Insight has booted completely point to it using a web browser and you can perform the initial configuration.
Here you can choose either to start a new deployment either to join an existing one. The latter option is used when adding worker nodes to an existing Log Insight cluster and we will see this in detail in another post so at this time I choose the former one.
Insert admin credentials.
Insert license key. You can skip this step at this time and insert the license later but a valid license key must inserted in order to access to collected logs and analytics.
Time configuration is an optional step but I suggest you to configure it to work properly since timestamps in log analysis can be a lifesaver.
SMTP is used by Log Insight to send alerts via email
When setup is complete you will be redirected to the main page of VMware vCenter Log Insight.
In order to get log data from vCenter Server and ESXi hosts connected to it you need to go to Administration -> vSphere and properly fill in the fields pointing to you vCenter Server then check both options in this page. This will automatically retrieve logs from vCenter and configure ESXi hosts to send logs to this instance of Log Insight.
NOTE: If you need to check if an ESXi host sends logs over to Log Insight just connect to it via SSH and run:
esxcli system syslog config get
To perform a manual configuration for sending logs from an ESXi host to Log Insight or to a generic syslog run the following command:
esxcli system syslog config set --loghost='udp://<IP_OF_LOGINSIGHT:514>'
That's all for now, in the next article we will start using vCenter Log Insight for analyzing logs.
Other articles in this series:
VMware vCenter Log Insight Series Part1 - Introduction
VMware vCenter Log Insight Series Part2 - Installation and Configuration
VMware vCenter Log Insight Series Part3 - Collecting Logs
VMware vCenter Log Insight Series Part4 - Creating Analytics