VMware vRealize Log Insight 4.3 Release Notes
VMware vRealize Log Insight | 2 March 2017
Server Build 5084751 | Agent Build 5052904
Updated 10 May 2017
These release notes describe changes to vRealize Log Insight 4.3. Check frequently for updates to these release notes.
What's in the Release Notes?
The release notes cover the following topics:
VRealize Log Insight delivers the best real-time and archive log management, especially for VMware environments. Machine learning-based Intelligent Grouping and high-performance search enables faster troubleshooting across physical, virtual, and cloud environments. vRealize Log Insight can analyze terabytes of logs, discover structure in unstructured data, and deliver enterprise-wide visibility using a modern Web interface.
This release of VMware vRealize Log Insight delivers product improvements and updates to the previous release, including these features:
- Server Features
- Now supports VMware Identity Manager Single Sign-On (vIDM SSO)
- Host table entries now expire after they are idle for three months (after the last ingested event)
- New upgrade APIs
- User Interface Features
- New alert history for individual alerts
- New percent labels on pie charts
- New trendline overlay on line charts
- Enhanced dashboard list selection
- Agent Features
- New FIPS-140-2 compliance
- New silent auto-update of deployed agents
- Enhanced timestamp parser that supports single-digit representation of days and months
- Now supports Windows Server 2016
vRealize Log Insight 4.3 supports the following VMware products and versions:
- vRealize Log Insight can pull events, tasks, and alarms data from VMware vCenter Server 5.5 or later. See the VMware knowledge base article at http://kb.vmware.com/kb/2145103 for more information.
- You can integrate vRealize Log Insight 4.3 with vRealize Operations Manager version 6.0 or later.
vRealize Log Insight 4.3 supports the following browser versions. More recent browser versions also work with vRealize Log Insight, but have not been validated.
- Mozilla Firefox 45.0 and above
- Google Chrome 51.0 and above
- Safari 9.1 and above
- Internet Explorer 11.0 and above
Note: Internet Explorer Document mode must be used in Standards Mode. Other modes are not supported. The Compatibility View browser mode is not supported.
The minimum supported browser resolution is 1280 by 800 pixels.
Important: Cookies must be enabled in your browser.
vRealize Log Insight Windows Agent Support
The vRealize Log Insight 4.3 Windows agent supports the following versions.
- Windows Vista, Windows 7, Windows 8, Windows 8.1, and Windows 10
- Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016
vRealize Log Insight Linux Agent Support
The vRealize Log Insight Linux agent supports the following distributions and versions.
- RHEL 5, RHEL 6, and RHEL 7
- SLES 11 SP3 and SLES 12 SP1
- Ubuntu 12.04 LTS, 14.04 LTS, and 16.04 LTS
vRealize Log Insight 4.3 has the following limitations.
- vRealize Log Insight does not handle non-printable ASCII characters correctly.
- vRealize Log Insight does not support printing. However, you can use the Print options of your browser. The printed results might vary depending on the browser that you use. We recommend Internet Explorer or Firefox for printing portions of the vRealize Log Insight user interface.
The hosts table might display devices more than once with each in a different format, including some combination of IP address, hostname, and FQDN. For example, a device named foo.bar.com might appear as both foo and foo.bar.com.
The hosts table uses the hostname field that is defined in the syslog RFC. If an event sent by a device over the syslog protocol does not have a hostname, vRealize Log Insight uses the source as the hostname. This might result in the device being listed more than once because vRealize Log Insight cannot determine if the two formats point to the same device.
vRealize Log Insight Windows and Linux Agents
- Non-ASCII characters in hostname and source fields are not delivered correctly when vRealize Log Insight Windows and Linux agents are running in syslog mode.
vRealize Log Insight Windows Agent
- The vRealize Log Insight Windows agent is a 32-bit application and all its requests for opening files from C:\Windows\System32 sub-directories are redirected by WOW64 to C:\Windows\SysWOW64. However, you can configure the vRealize Log Insight Windows agent to collect from C:\Windows\System32 by using the special alias C:\Windows\Sysnative. For example, to collect logs from their default location for the MS DHCP Server, add the following line to the corresponding section of the vRealize Log Insight Windows agent configuration file: =C:\Windows\Sysnative\dhcp.
vRealize Log Insight Linux Agent
- Due to an operating system limitation, the vRealize Log Insight Linux agent does not detect network outages when configured to send events over syslog.
- The vRealize Log Insight Linux agent does not support non-English (UTF-8) symbols in field or tag names.
- The vRealize Log Insight Linux agent collects hidden files and directories by default. To prevent this, you must add an exclude=.* option to every configuration section. The option exclude uses the glob pattern .* which represents hidden file format.
- When standard output redirection to a file is used to produce logs, the vRealize Log Insight agent might not correctly recognize event boundaries in such log files.
- Load-balanced Active Directory authorization servers are not supported.
Upgrading from a Previous Version of vRealize Log Insight
You can upgrade to 4.3 directly from vRealize Log Insight 4.0 or from the beta releases 4.1 or 4.2. If you are running an earlier version
of vRealize Log Insight, you must first upgrade your installation to 4.0.
Important Upgrade Notes
- To upgrade to vRealize Log Insight 4.3, you must be running vRealize Log Insight 4.0 or later.
- When performing a manual upgrade, you must upgrade workers one at a time. Upgrading multiple workers at the same time causes an upgrade failure. When you upgrade the master node to vRealize Log Insight 4.3, a rolling upgrade occurs unless specifically disabled.
- Upgrading must be done from the master node's FQDN. Upgrading with the Integrated Load Balancer IP address is not supported.
- vRealize Log Insight does not support two-node clusters. Add a third vRealize Log Insight node of the same version as the existing two nodes before performing an upgrade.
- If the vRLI upgarde (.pak file) has new "Jre" version then the user installed certificates in an vRLI setup (e.g for Event forwarding) getting invisible after upgrade. Please look at the bug 1816858.
vRealize Log Insight 4.3 includes the following localization features.
The vRealize Log Insight server web user interface is localized to Japanese, French, Spanish, German, Simplified Chinese, Traditional Chinese, and Korean.
- The vRealize Log Insight server Web user interface supports Unicode data, including machine learning features.
- vRealize Log Insight agents work on non-English native Windows.
- The agent installer and content pack are not localized. Parts of the vRealize Log Insight server Web user interface might still show non-localized strings and have layout issues.
- vRealize Log Insight is interoperable with localized versions of vCenter Server and vRealize Operations Manager. However, Content Packs depend on matching non-localized log messages. vCenter Server events are retrieved in its default locale, which should be set to en_US. For more information, see http://kb.vmware.com/kb/2121646.
- Integration with Active Directory, vSphere, and vRealize Operations Manager for user names with non-ASCII characters is not supported.
- The date/time calendar format shown on the vRealize Log Insight server Web user interface is English only and does not display language/locale settings.
- Localization of event logs is not supported. Event logs only support UTF-8 and UTF-16 character encoding.
This section describes issues that have been resolved since the vRealize Log Insight 4.0 release.
- Setting domain controllers for AD configuration now consistently sets the KRB server correctly.
- The VIP tag and vSphere integration tag can now be the same, without impacting vSphere collection.
- The scope of the vRealize Operations launch-in-context checkbox is no longer node specific for an integration with vRealize Log Insight.
This section describes known product issues and provides workarounds where they are available.
Event forwarding stops working after upgrading deployments that use SSL.
JRE is upgraded as part of vRealize Log Insight upgrade. For sites configured with SSL, certificate information remains
stored in the old JRE version therefore the certificate cannot be retrieved for the upgraded installation and event forwarding fails.
Workaround: Reimport the certificate using the procedure "Configuring vRealize Log Insight Event Forwarding
with SSL" in the vRealize Log Insight documentation center.
When a Log Insight instance uses the VMware Identity Manager integration and a cluster that is configured
without a virtual IP address, links to alerts in automatically generated email messages are incorrect.
This is also true for site configurations that use multiple virtual IPs.
The alert links sent in email alerts are created using a FQDN, but VMware Identity Manager redirects back to the IP address of the vRealize Log Insight master node instead of the FQDN of the virtual IP address.
Workaround: From the drop-down menu icon on the Web interface, select Administration > Cluster. In the Integrated Load Balancer section, open the Add New IP Address window and add the virtual IP address to the vRealize Log Insight cluster specifying its FQDN.
Reconfigure VMware Identity Manager integration with newly created VIP.