As part of vRealize Log Insight configuration, you configure syslog and vRealize Log Insight agents.

Client applications can send logs to vRealize Log Insight in one of the following ways:

Directly to vRealize Log Insight over the syslog protocol

By using vRealize Log Insight to directly query the vSphere Web Server APIs

By using a vRealize Log Insight Agent

Direct Log Communication to vRealize Log Insight Design Decisions

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-OPS-LOG-017

Configure syslog sources to send log data directly to vRealize Log Insight.

Simplifies the design implementation for log sources that are syslog capable.

You must configure syslog sources to forward logs to the vRealize Log Insight VIP.

SDDC-OPS-LOG-018

Configure the vRealize Log Insight agent for the vRealize Automation Windows servers and Linux appliances.

Windows does not natively support syslog.

vRealize Automation requires the use of agents to collect all vRealize Automation logs.

You must manually install and configure the agents on several nodes.

SDDC-OPS-LOG-019

Configure vCenter Server Appliances and Platform Services Controller Appliances as syslog sources to send log data directly to vRealize Log Insight.

Simplifies the design implementation for log sources that are syslog capable.

You must manually configure syslog sources to forward logs to the vRealize Log Insight VIP.

Certain dashboards within vRealize Log Insight require the use of the vRealize Log Insight Agent for proper ingestion.

Not all Operating System-level events are forwarded to vRealize Log Insight.

SDDC-OPS-LOG-020

Configure vRealize Log Insight to ingest events, tasks, and alarms from the Management and Compute vCenter Server instances .

Ensures that all tasks, events and alarms generated across all vCenter Server instances in a specific region of the SDDC are captured and analyzed for the administrator.

You must create a service account on vCenter Server to connect vRealize Log Insight for events, tasks, and alarms pulling.

Configuring vSphere Integration within vRealize Log Insight does not capture events that occur on the Platform Services Controller.

SDDC-OPS-LOG-021

Do not configure vRealize Log Insight to automatically update all deployed agents.

Manually install updated versions of the Log Insight Agents for each of the specified components within the SDDC for precise maintenance.

You must maintain manually the vRealize Log Insight agents on each of the SDDC components.