If you manage a hybrid cloud environment, you know it can be difficult to troubleshoot and manage infrastructure that is dispersed across various environments. It helps when you have unified tools to manage and monitor the health of the applications and infrastructure. vRealize Log Insight Cloud addresses the complexity of log management by supporting ingestion of on-premises and cloud logs. There is no need to learn a new query language. Log Insight Cloud allows you to simply search by keywords in an intuitive interface. There are several out-of-the-box dashboards for many AWS log sources such as EKS, CloudWatch, SNS, S3, DynamoDB, Kinesis, etc. This enables administrators to review the overall health and activity of a given application. You can configure alerting to notify you of events of interest, such as new container deployments or audit access to sensitive data.

Log Source configuration is documented as part of the Log Insight Cloud user interface under ‘Log Sources’. In this blog I will follow the in-product documentation to configure my Elastic Kubernetes Service (EKS) cluster and provide additional screenshots to walk you through the process.

To get started we need to create an API key. Navigate to Configuration > API Keys in the vRealize Log Insight Cloud console and create a new key, for example ‘vRLIC AWS Log Key’. We will use this in a few steps.

 

Configuring Control Plane Logs

Log in to the AWS Console to enable logging on your cluster, or to verify that it is already enabled. Navigate to Services > EKS > Clusters and click on the cluster name.

 

Click on the Logging tab.

 

Enable logging for the required components.

 

Next, navigate to Services > Lambda. Create a new Lambda function in the region where your AWS EKS cluster is deployed. Select Browse serverless app repository. Search for Log Insight to use the pre-configured Lambda function. Select ‘VMware-Log-Insight-Cloud’.

 

Scroll down until you see Application Settings. Copy and paste the API key you created earlier and enter the URL below. Enter a unique name for the Lambda function and click on Deploy.

 

Once the function is deployed you can add a trigger to forward the CloudWatch logs for the cluster. On the configuration tab for the function, click on Add Trigger.

 

Select CloudWatch Logs.

 

Select the log group for your EKS cluster in the log group drop down, add a filter name, and click on Add.

 

If you navigate to Logs > Log Groups, the subscription will show up for the cluster under Subscription filters. You can have 2 subscriptions per log group.

 

Navigate back to Log Insight Cloud and go to Content Packs > Cloud Services. Enable the AWS content packs by moving the toggle to the right.

 

You can verify log flow by clicking on the Logs tab under Log Sources for EKS, or in this case by viewing the out of the box EKS dashboards.

 

Review the information on each dashboard to identify issues and monitor activity for the cluster(s).

 

If you want to configure additional AWS log sources you can simply add a trigger for the log group to the existing Lambda function. There is no need to create separate functions for different log sources or log groups.
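The AWS-side settings from the steps above can also be checked from saved CLI output rather than by clicking through the console. The following is an added example, not part of the in-product documentation or VMware's Lambda code: it reads JSON in the shape returned by `aws eks describe-cluster` and `aws logs describe-subscription-filters`, and the cluster name, account ID, filter name and function name in the sample data are constructed placeholders.

```python
import json

# Control plane log types offered on the EKS Logging tab.
EKS_LOG_TYPES = {"api", "audit", "authenticator", "controllerManager", "scheduler"}
MAX_FILTERS_PER_GROUP = 2  # per-log-group limit stated in the post


def disabled_log_types(describe_cluster):
    """Return the control plane log types that are not enabled."""
    enabled = set()
    logging_cfg = describe_cluster["cluster"].get("logging", {})
    for entry in logging_cfg.get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    return EKS_LOG_TYPES - enabled


def forwarding_status(describe_filters, lambda_arn):
    """Report whether the log group feeds the forwarder and what else reads it."""
    filters = describe_filters.get("subscriptionFilters", [])
    arns = [f.get("destinationArn", "") for f in filters]
    return {
        "forwarded": lambda_arn in arns,
        "free_slots": max(0, MAX_FILTERS_PER_GROUP - len(filters)),
        "other_destinations": sorted(a for a in arns if a != lambda_arn),
    }


# Constructed sample data (hypothetical account, region, cluster and function).
LAMBDA_ARN = "arn:aws:lambda:us-east-1:111122223333:function:vrlic-forwarder"
SAMPLE_CLUSTER = json.loads("""
{"cluster": {"name": "demo-cluster", "logging": {"clusterLogging": [
  {"types": ["api", "audit"], "enabled": true},
  {"types": ["authenticator", "controllerManager", "scheduler"], "enabled": false}
]}}}
""")
SAMPLE_FILTERS = json.loads("""
{"subscriptionFilters": [
  {"filterName": "vrlic-eks", "logGroupName": "/aws/eks/demo-cluster/cluster",
   "filterPattern": "", "destinationArn":
   "arn:aws:lambda:us-east-1:111122223333:function:vrlic-forwarder"}
]}
""")

if __name__ == "__main__":
    print("disabled log types:", sorted(disabled_log_types(SAMPLE_CLUSTER)))
    print("forwarding:", forwarding_status(SAMPLE_FILTERS, LAMBDA_ARN))
```

A non-empty `other_destinations` list shows that something besides the forwarder is subscribed to the cluster's control plane logs, and `free_slots` shows whether another trigger can still be added to that log group.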

vRealize Log Insight Cloud makes managing your on-premises and cloud infrastructure and applications easier by consolidating log analysis into one powerful tool that is simple to use. Detailed instructions are provided to configure log sources for AWS, Azure, and numerous other applications. We are continuously adding additional sources to meet our customers’ requirements. Visit our website for more information or to sign up for a free 30-day trial.