vCenter Log Insight release

vCenter Log Insight is a new log aggregator from VMware. As a new tool that is integrated with vCenter Operations Manager, Log Insight has great potential. The ability to tie in directly with VMware's knowledge base, vCenter and vCenter Operations gives Log Insight a true strength in combining analytics with logging.
VMware vCenter Log Insight – VMware vSphere Dashboard
We started using Log Insight (project Strata) at Tech Preview 2. We had a need for log aggregation solution and thought we'd give it a try on our lower environments. We have used it for different purposes.

  • 1st time was with analytics. when we deployed it, I had setup a dashboard to see "warning" level alerts. 3 of our 120 hosts were far surpassing the others in errors.  After clicking down into the bar graphs we saw a high number of Active Directory related errors.  After rejoining 2 of those hosts to the domain the errors had cleared. The third box we needed to reinstall to clear the errors. Since we've done this all the servers have been cleared of this error.  You'll notice there's a similar dashboard in the automatic bundle now built into Log Insight.

VMware vCenter Log Insight – Interactive Analytics

  • 2nd time was verifying where the problem existed. background: backups failing scope: 3 teams involved (backup team, esx team, window's team)
    • Log Insight gave us the ability to show the backups were connecting to vCenter and the job was getting to the vm and was failing while connected to the vm.
    • Next we were able to take the error message, extract out the vm name and get a list of all the errors over the past week, to help with trouble shooting.
    • Problem ended up being with the services on the Window's vm but we'd of never gotten to the point without the log dive.
  • 3rd time was for overall health We had lost a storage director and during the outage had higher latency then we anticipated. There were questions brought up as to whether our round robin was working properly. Our team was able to show the logs where the connection was deprecated at the beginning of the issue and not used again until the issue had been resolved.

One beauty with Log Insight is the fact that all monitoring analytics are already handled within vCops. The reason this is important is with Splunk you get charged for the bandwidth license to pipe all their resource monitors into it.

Chris Nakagaki - Is it different from Splunk?  Not really.  It's pretty much the same functionality, but the integration w/ vcops is the most interesting.  It'll be an uphill battle for log insight against Splunk unless priced appropriately.  In the very least, it's good to see a worthwhile competitor to Splunk.

More Screenshots:
VMware vCenter Log Insight – Customizable Dashboards
VMware vCenter Log Insight – Integration with vCenter Operations

vCenter/vSphere Web Client SSL Certificate Requests (PFX vs JKS)

I was working to get certs for the vsphere web client.  Needless to say, I had worked w/ JKS (Java Keystore) before so I figured the process was the same for PFX (PKCS12 keystore) files, but I was dead wrong.  I'd highly recommend looking into the VMware SSL Certificate Automation Tool.  What follows is mainly a learning exercise for me.

For starters, if you have a mac, good for you, cause openssl is likely already installed and accessible via terminal which makes things much easier from the get go.  If you run Windows, download the windows binaries and install.  If you go to the site like listed in VMware's docs as a Windows admin, lord help you.  When you install the openssl windows binaries w/ all defaults selected, openssl installs on C:\OpenSSL-Win32\bin.

Open a command prompt to that directory, then you can pretty much follow the instructions from VMware.

To read more about my trials and tribulations, click the link to continue below.

Replacing vCenter Operations Manager Certificate (vApp)

Refer to this post for openssl info, then follow the steps here:

  1. Generate a certificate signing request
    1. openssl req -out vcops.csr -new -newkey rsa:2048 -nodes -keyout vcops.key
      • Answer the wizard questions appropriately for your environment.
      • This creates your Certificate request and generates the associated private key.
  2. When you receive your signed cert from the CA if not already in pem format (with private key):
    1. Assuming CER or CRT we need to convert it to PKCS12 first.
      • openssl pkcs12 -export -in vcops.cer -inkey vcops.key -name vcops -passout pass:password -out vcops.pfx
  3. Convert to PEM w/ private key
    1. openssl pkcs12 -in vcops.pfx -out vcops.pem -nodes
      • It will prompt for password, if you used my example under step 2, then that would be password.
  4. Log into vcop's admin console (https://vcopsServername/admin), select the SSL tab, and upload your newly created pem file.
Additional Steps:
These steps were helpful in updating vCOPs registration info in vCenter w/ the 'certified' name.