vRealize Log Insight Log Insight vRealize vRealize Suite

What’s New in vRealize Log Insight 8.2

The vRealize Log Insight 8.2 release builds upon the previous 8.x updates to further enhance these features. This release also has new features including local account hardening, syslog forwarding using TLS/SSL, DoD attestation, and some new and updated content packs! 

 

Variable Retention 

Variable retention allows you to filter log message and set different retention periods for different log data. This was introduced as part of the 8.1 release. In the 8.2 release we’ve added additional data in the User Interface so you can see the storage usage for each partition. You can also see the oldest log message in the bucket/partition. This helps administrators ensure they adhering to their compliance policies for different log classifications. A Log Insight administrator has access to see this information. 

 

Vertical Scale

We have introduced and XL node size which supports up to 64GB of RAM and 32 CPUs. This provides a performance boost for environments with a heavy query load.   

 

Syslog Forwarding with SSL

You have always been able to encrypt log forwarding when using the Ingestion API, and now you can also use SSL for syslog forwarding over TCP. 

 

Unlimited Log Export Management

Enable email notifications for export completion or track the progress of an export task. If a task is queued, you can see the position of the task in the queue.  

 

Configure Email Alert

Instead of checking on the status, you can configure an email alert to notify you when your export is complete. 

 

 

Monitor Status

An administrator can check the progress of export tasks.

 

Check the Query Used for Exports 

 

Cancel Export 

 

IPV6 zero compression support

Log Insight now has zero compression support for IPv6 on new and upgraded deployments.

 

Incremental performance  

Improvement for queries based on extracted fields. 

 

New DoD / STIG Features

Enable a Department of Defense (DoD) consent agreement to display the mandatory DoD notice and consent banner as part of the user login. Navigate to Administration > Configuration > General and Enable the DoD Consent Agreement.

After the Consent agreement is enabled, the users must agree to the DoD Consent to login.

 

Local Account Security Hardening

You can enable local account hardening using the new optional password policy restriction. This password policy meets the current Security Technical Implementation Guide (STIG) for the DoD and other federal agencies.

You enable the local account policy under Administration > Configuration > General.

If the policy is enabled a password must adhere to these policies:

A password must contain at least 15 characters. 

A user can change their password only once in 24 hours. 

When a user changes their password, they cannot use the last five passwords. 

When a user changes their password, at least eight characters of the new password must be different from the old password. 

A user account is locked if not logged in for 35 days or password not changed for 60 days. 

If the local account password policy is not enabled the following rules apply:

Passwords must have only visible ASCII characters including space, must be at least 8 characters long and contain one uppercase, one lowercase, one number and one special character.

A new Sytem Alert has also been added to notify administrators when a new account is created -“Log Insight Admin Alert: New user(s) were created”.

 

Content Pack Search

Ability to search content packs from the Content Pack Marketplace without leaving the product UI. 

 

New and Updated Content Packs

VMware NSX Advanced Load Balancer 1.0

Content Pack Details:

The Log Insight Content Pack, for VMware NSX Advanced Load Balancer, offers at a glance dashboard views for analyzing and auditing applications statuses, configuration changes and general overall health of the data plane and control plane components.
Dashboards included with the content pack are:
– Event overview, exposing breakdowns by severity and event type
– Login events, see who’s (un)successfully logging into your Avi controller cluster and from which source IP
– Configuration changes, see what changes were made to which object.
– Service Engine events exposing highly utilized service engines among other data
– Virtual Service operational status changes
– Pool and pool server operational status change

 

VMware Cloud Director Availability 1.0

VMware Cloud Director Availability (VCDA) content pack provides insight into the logs and event notifications of VMware Cloud Director Availability. The content pack contains various dashboards, queries, and alerts that allow making informed and proactive decisions in the disaster recovery environment.

  • Quickly identify issues: The VCDA Problems dashboard provides a single pane of glass to identify problems in the VCDA environment.
  • Alerts: Know what to monitor in your VCDA environment and receive notifications when detecting such events.

Updated Content Packs

VMware Horizon 4.0

  • VMware Horizon 7.x and BLAST desktop protocol support
  • New General – Performance and General – Availability dashboards

NSX-T 3.9 (Support NSX-T 3.0, 3.0.1)

vRealize Suite Lifecycle Manager 8.0.1 or later (Support vRealize Suite Lifecycle Manager 8.1)

vRealize Operations Manager 4.1 (Support vRealize Operations Manager 8.2)

vSAN 2.2

  • Overview dashboard and Storage Policy Events dashboard
  • Support vSAN 7.0

To find out more information about the 8.2 release please see the Release Notes.