Time synchronization is critical for the core functionality of vRealize Log Insight. By default, vRealize Log Insight synchronizes time with a predefined list of public NTP servers.

Configure consistent NTP sources on all systems that send log data (vCenter Server, ESXi, vRealize Operation Manager). See Time Synchronization in the VMware Validated Design Planning and Preparation documentation.

Time Synchronization Design Decision

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-OPS-LOG-022

Configure consistent NTP sources on all virtual infrastructure and cloud management applications for correct log analysis in vRealize Log Insight.

Guarantees accurate log timestamps.

Requires that all applications synchronize time to the same NTP time source.

All vRealize Log Insight cluster nodes must be in the same LAN with no firewall or NAT between the nodes.

vRealize Log Insight receives log data over the syslog TCP, syslog TLS/SSL, or syslog UDP protocols. Use the default syslog UDP protocol because security is already designed at the level of the management network.

Syslog Protocol Design Decision

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-OPS-LOG-023

Communicate with the syslog clients, such as ESXi, vCenter Server, NSX for vSphere, on the default UDP syslog port.

Using the default syslog port simplifies configuration for all syslog sources.

If the network connection is interrupted, the syslog traffic is lost.

UDP syslog traffic is not secure.