Wednesday, June 28, 2017

vRealize Log Insight - Capturing Application Logs



The more we talk about vRLI (vRealize Log Insight), the more are customers falling in love with it.
In today's enterprises either customers would have a generic syslog server-predominantly used for storing logs for future audits/analysis, or, would have an advanced log analytic tool.




vRLI gives you both the capabilities. You can syslog from multiple environments (VMware Infrastructure services/Servers/Storage/OS/Applications etc.) as well as perform advanced analytics on it by building custom queries by custom fields and create intuitive Dashboard views.



In one of my customer discussion, customer brought up the point on Application Data capturing and wanted to know how to do it?

If you would have explored VMware Solution Exchange (now https://marketplace.vmware.com/vsx/), you will find multiple Application content packs (like for IIS, Tomcat, SQL etc.). These content packs create templates with data capturing configurations for respective Applications.
Once LI agent is installed/configured on the OSE and discovered in LI, they can be tagged to the respective Application template to start gathering the application logs from there.

But what if its a in-house developed application or if there are no content packs available for the application.
In that case we would need to create custom templates. 

For such scenarios we can use Linux/Windows templates...By using a Linux/Windows template (look out for the content pack on solution exchange for the same) we are create a manifest configuration file for Linux environment which can be then used to determine the log format and to specify the location of the data to import.
Let me explain with an example...
Assume its a linux based application which create application logs on a specific directory (e.g. .
We can start with Linux content pack. 

Step 1: Deploy a Linux agent on the Linux OSE (Physical/virtual)

Step 2: Confirm the OSE is discovered in vRLI, under the "All Agent" list on the Agent page.

Step 3: Import Linux Content pack in LI. This will introduce a Linux Template under the available template list in Administration-> Management -> Agents














Step 4: Copy the Linux Template and rename it. Possibly give it the Application Name.





Step 5: Create a filter to add the Linux VM to the Application Template.








Step 6: Scroll down to the Agent Configuration -> Edit section. 
Append it to include the application events log path (directory). 
Can also include format, include, exclude fields to filter what type of logs to be injested to Log Insight.





With "Enable Auto-Update for all agents" enabled, the changes done in agent configuration section are automatically pushed to the LI configuration file in the OS.

Voila !!! This will start capturing the application specific logs to the Log Insight giving us the capability of running queries over it and create custom analytic views for it.


No comments:

Post a Comment