vRealize Log Insight Cloud

Don’t waste your VMC logs. Put them to work for you.

Managed services such as VMware Cloud on AWS save you valuable time and effort that might otherwise be spent managing infrastructure, letting you focus on your workloads. However, it’s just as important to know what’s happening in your VMware Cloud SDDC as it is in your on-premises data center.

Often, customers migrate or deploy applications to VMware Cloud on AWS – end of story. But how do they know their applications are running optimally and what changes are being made?

For example, did you know you can use the same vRealize Operations instance you use to manage the performance, capacity, and troubleshooting of your on-premises environment with VMware Cloud on AWS? I’d highly recommend it. If you’d like to learn more, Sunny Dua released a great blog post on this topic last year. As for logs, vRealize Log Insight Cloud makes this a no-brainer.

vRealize Log Insight Cloud (formerly Log Intelligence) was developed by VMware to help our Site Reliability Engineers keep a close eye on our customers’ VMC SDDCs. It allows us to search for events to prevent issues and create alerts to tell us when events occur. Since we were already collecting every log in a centralized tool, it made sense to make this available to every VMware Cloud on AWS customer. Just request access to vRealize Log Insight Cloud from your Cloud Services Portal and you’ll be automatically granted a 30-day trial of the fully featured product. This includes ingestion of your VMware Cloud on AWS audit logs, NSX-T audit logs, Cloud Services Portal logs (upon request), logs from your on-premises data center, and any other logs, such as application logs.

You’ll also have access to 50 content packs pre-built for VMware technologies as well as other solutions such as AWS services and Kubernetes. After the 30-day trial, you have the option to purchase vRealize Log Insight Cloud at a competitive per-GB rate or you can drop down to the edition that’s included with VMware Cloud on AWS. This edition still gives you all your VMware Cloud on AWS SDDC audit logs and the associated content pack, but limits the number of logs you can ingest daily for NSX-T, CSP, and other logs. For a full comparison and pricing information, visit the vRealize Log Insight Cloud product page.

Now that you know vRealize Log Insight Cloud is available to all VMware Cloud on AWS customers (and can be purchased by non-VMC customers), let’s talk about what kinds of information you can gather. Unlike your on-premises SDDC, where you have access to all logs, vRealize Log Insight Cloud only gives access to your audit logs. The reason is that we’re already managing the underlying infrastructure and keeping watch for hardware or other related issues, so you don’t need to worry about any of this.

Instead, you’ll see important information such as when someone logs into your SDDC, or fails to log in. You’ll also be able to see when someone creates or deletes a virtual machine, firewall rule, NAT rule, or logical network, just to name a few. If you enable NSX-T firewall rule logging, you’ll also be able to see when traffic is accepted or rejected, including source and destination IP.

Comparing NSX-T traffic being passed through vs rejected is simple to do with vRealize Log Insight Cloud.

vRealize Log Insight Cloud allows you to visualize and organize unstructured log data. You can quickly identify event types, trends, and anomalies thanks to vRealize Log Insight Cloud’s powerful AI and Machine Learning engine. And autocomplete helps you to build log queries with little to no experience. If you can use a search engine, you can use vRealize Log Insight Cloud.

Apart from making your logs easy to find and understand, vRealize Log Insight Cloud can also alert you when something happens. Alerts can be delivered via e-mail or even webhooks. For example, when a new VM is created, vRealize Log Insight Cloud can send a message to your team’s Slack channel letting everyone know and preventing unauthorized workloads from being spun up.

vRealize Log Insight Cloud includes the ability to overlay queries, making event correlation a snap.

vRealize Log Insight Cloud can also integrate with your Security Information and Event Management (SIEM) tool. Whether you’re running your SIEM in the cloud or on-premises, forwarding logs from vRealize Log Insight Cloud is easy. Log forwarding rules allow you to choose your destination (on-premises or cloud), your forwarding protocol (HTTP/HTTPS, Syslog, or CFAPI), and whether you want to forward all logs or just a subset of your logs based on custom filters. Forwarding your logs on-premises is simply a matter of deploying a Cloud Proxy appliance in your data center. The Cloud Proxy communicates with vRealize Log Insight Cloud over HTTPS, so no special firewall rules are required and all traffic is encrypted.

You may even have compliance requirements that hold you accountable for storing logs for a specific period. By default, trial and paid customers have access to their logs for 30 days (or seven days for the VMC included edition). However, all users of vRealize Log Insight Cloud can archive their logs to S3 storage for up to seven years. Just like log forwarding, you can choose to archive all your logs or just a subset based on custom filters.

Having the ability to see what’s happening in your VMC SDDC is not just a nice-to-have, but rather a necessity. Considering vRealize Log Insight Cloud is available to all VMware Cloud on AWS customers, there’s no reason not to spin it up and see what it can do for you. Its simple yet powerful log analytics make it easy for anyone to discover events both good and bad, while its ability to integrate with your existing tools helps keep you in the loop at all times. Don’t let mistakes or malicious activity catch you by surprise. Make your VMC logs work for you.

For more information on vRealize Log Insight Cloud, visit the product page.