What's New in Log Insight 3.3

I am happy to announce Log Insight 3.3! While the download will be available later, you can sign up here to be notified once released. One of the big announcements with this release is that everyone with a vCenter Server license gets a free version of Log Insight! To learn more, be sure to check out this blog post on vCenter for Log Insight. While you cannot do better than free, the Log Insight team wanted to sweeten the deal for everyone by providing even more capabilities — read on to learn more!

Log Insight 3.3: New Server Capabilities

First off, let me discuss all the new server-side capabilities!

Multiple VIPs with Tags

vRealize Log Insight 3.3’s integrated load balancer now allows multiple VIPs to be configured, each with zero or more tags. This powerful enhancement makes it possible to tag incoming traffic, which eases Role-Based Access Control configuration for devices that cannot leverage the Log Insight agent and offers a query performance boost for content packs with limited keywords.

Configuration is handled under the Cluster page in the Administration section:

[Screenshot: li-33-multivip]

Webhooks

Both system alerts and user alerts can now send one or more webhooks, allowing for easy integration with a large number of third-party solutions. Here are some example destinations of the new alerting capability:

  • Socialcast
  • PagerDuty
  • Custom RSS/Atom

Webhooks for system alerts can be configured under the General page in the Administration section:

[Screenshot: li-33-system-webhooks]

Webhooks for user alerts can be configured either while creating a new user alert or by editing an existing user alert:

[Screenshot: li-33-user-webhooks]

(And you can test user alerts now!)

UPDATE: For more information, see these posts:

Enhanced vSphere Integration

Two powerful enhancements have been made to vSphere integration. First, tags for both vCenter Server and ESXi events can be added. Configuring tags provides capabilities similar to the new Multiple VIPs with Tags feature described above. Tags can be added to new or existing vSphere integration endpoints under the vSphere page of the Administration section:

[Screenshot: li-33-vsphere1]

In addition, unconfigured ESXi hosts are automatically added to vSphere integration by default. This setting is configurable under the “Advanced Configuration” option during initial integration (by selecting manual) or “View Details” for existing integrations (notice the new “Automatically configure all ESXi hosts” checkbox):

[Screenshot: li-33-vsphere2]

Additional OVF properties

Both DNS searchpath and DNS domain can be configured via OVF properties for the Log Insight 3.3 virtual appliance, ensuring short names (i.e. hostnames instead of fully qualified domain names) are resolvable. Setting these options can improve Log Insight’s inventory mapping capabilities. Note that network configuration changes are still only supported via OVF properties.

[Screenshot: li-33-ovf-properties]

Log Insight 3.3: Improved Agent Capabilities

Next, let me discuss the new agent capabilities!

New Parsers

A variety of additional parsers are now available including:

IPv6 Support

All Log Insight 3.3 agents support clients running IPv6.

copytruncate Support

The Log Insight Linux agents support the copytruncate option from logrotate. Per logrotate’s man page, here is what the copytruncate option does:

Truncate the original log file to zero size in place after creating a copy,
instead of moving the old log file and optionally creating a new one. It can
be used when some program cannot be told to close its logfile and thus might
continue writing (appending) to the previous log file forever. Note that
there is a very small time slice between copying the file and truncating it,
so some logging data might be lost. When this option is used, the create
option will have no effect, as the old log file stays in place.

Here is an example of a logrotate configuration (typically found in /etc/logrotate.d) leveraging the copytruncate option:

/tmp/output.log {
    size 1k
    copytruncate
    compress
    compresscmd /bin/bzip2
    compressext .bz2
    rotate 4
    maxage 100
}

If you have any logs rotated in this manner, then the Log Insight Linux agent has you covered, with no additional configuration required!
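How a log follower can cope with copytruncate, as an added example (this is not the Log Insight agent's implementation): the reader remembers its byte offset and treats a file that is now shorter than that offset as truncated in place. The class and function names and the sample log lines are constructed for illustration.

```python
import os
import shutil
import tempfile


class TruncateAwareTail:
    """Follow a log file and keep reading correctly across copytruncate rotations."""

    def __init__(self, path):
        self.path = path
        self.offset = 0  # byte position of the next unread data

    def read_new_lines(self):
        size = os.stat(self.path).st_size
        if size < self.offset:
            # The file shrank in place: logrotate copied it and truncated the
            # original, so the saved offset points past the end. Start over.
            self.offset = 0
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            data = fh.read()
        # Consume only complete lines; a partial last line is read next time.
        end = data.rfind(b"\n") + 1
        self.offset += end
        return data[:end].decode("utf-8", "replace").splitlines()


def simulate_copytruncate(path):
    """What copytruncate does: copy the file, then truncate the original in place."""
    shutil.copyfile(path, path + ".1")
    with open(path, "r+b") as fh:
        fh.truncate(0)


def demo():
    workdir = tempfile.mkdtemp()
    log = os.path.join(workdir, "output.log")  # constructed sample log
    with open(log, "a") as fh:
        fh.write("event 1\nevent 2\n")
    tail = TruncateAwareTail(log)
    seen = tail.read_new_lines()
    simulate_copytruncate(log)
    with open(log, "a") as fh:  # the writer keeps appending to the same file
        fh.write("event 3\n")
    seen += tail.read_new_lines()
    shutil.rmtree(workdir)
    return seen
```

A size check alone misses a truncation if the file regrows past the saved offset between two polls, so poll frequently relative to the log's write rate.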

Windows 10 Support

The Log Insight 3.3 Windows agent supports Windows 10.

New APIs

Some new APIs are now available for use!

Authentication API

Enables remote clients to programmatically authenticate with the vRealize Log Insight platform to perform certain operations. An example of calling the API would be:

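# -k disables TLS certificate verification; omit it once the appliance presents a trusted certificate
curl -sk \
  -X POST \
  -H 'Content-Type: application/json' \
  --data '{"provider":"Local","username":"admin","password":"changeme1!"}' \
  https://loginsight.example.com/api/v1/sessions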

And the response would look something similar to:

{
    "userId": "00000000-0000-0000-0000-000000000002",
    "sessionId": "bIYX6zlPjzbRDAB6tQkfAqbKhGgrCqfyG/u+5GPeTYAzZIfczTkbPu8WgBsR5e/VRuV8VnhS/TFZnevBALkyA+bPelj8TtLfzq5UmPDJKneqjnSn133IMRyVFIRQeeSeWCEPEsY2EOYrIedbWbTKniKDs7IIiFgDxxuoEh8yOuC5DJqgvrxsC009p67kht9kduj+u6ATAig/sM9ndV0Fq4TEHHi8pyW+O7K+7OJv/1o3CyzmuSbG7VPS0eGIERvu94fPeHBnZGMZTj0dkOIFOg==",
    "ttl": 1800
}

You could then use the sessionId for authenticated requests.

Query API

Enables remote clients to programmatically query the vRealize Log Insight platform to retrieve and aggregate over events. For example, if you had already authenticated you could run the following query searching for all events in the last 10 minutes:

curl -sk \
  -H 'Authorization: Bearer bIYX6zlPjzbRDAB6tQkfAqbKhGgrCqfyG/u+5GPeTYAzZIfczTkbPu8WgBsR5e/VRuV8VnhS/TFZnevBALkyA+bPelj8TtLfzq5UmPDJKneqjnSn133IMRyVFIRQeeSeWCEPEsY2EOYrIedbWbTKniKDs7IIiFgDxxuoEh8yOuC5DJqgvrxsC009p67kht9kduj+u6ATAig/sM9ndV0Fq4TEHHi8pyW+O7K+7OJv/1o3CyzmuSbG7VPS0eGIERvu94fPeHBnZGMZTj0dkOIFOg==' \
  'https://loginsight.example.com/api/v1/events/timestamp/%3E10'

The results may look something similar to:

{
    "complete": true,
    "events": [
        {
            "fields": [
                {
                    "content": "172.16.127.1",
                    "name": "hostname"
                },
                {
                    "content": "v4_e0cb4506",
                    "name": "event_type"
                },
                {
                    "content": "172.16.127.1",
                    "name": "source"
                }
            ],
            "text": "this is a test event",
            "timestamp": 1449771888082
        }
    ]
}
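The two calls above combined into a small client, as an added example (not VMware's code and not from the original post): it caches the sessionId, logs in again shortly before ttl runs out, and flattens each event's field list. The send transport, fake_send, the 60-second renewal margin and reading ttl as seconds are assumptions; a real transport should keep TLS certificate verification on rather than mirror curl's -k.

```python
import json
import time
from datetime import datetime, timedelta, timezone
from urllib.parse import quote


class LogInsightSession:
    """Cache the sessionId from /api/v1/sessions; log in again once ttl has run out."""

    def __init__(self, base_url, credentials, send, clock=time.time):
        self.base_url = base_url.rstrip("/")
        self.credentials = credentials  # provider / username / password, e.g. from a secret store
        self.send = send    # hypothetical transport: send(method, url, headers, body) -> str
        self.clock = clock
        self.session_id, self.expires_at = None, 0.0

    def _login(self):
        reply = json.loads(self.send("POST", self.base_url + "/api/v1/sessions",
                                     {"Content-Type": "application/json"},
                                     json.dumps(self.credentials)))
        self.session_id = reply["sessionId"]
        # Assumption: ttl is in seconds. Renew 60 s early so no request races expiry.
        self.expires_at = self.clock() + reply["ttl"] - 60

    def events(self, constraint):
        if self.session_id is None or self.clock() >= self.expires_at:
            self._login()
        url = self.base_url + "/api/v1/events/" + quote(constraint, safe="/")
        headers = {"Authorization": "Bearer " + self.session_id}
        reply = json.loads(self.send("GET", url, headers, None))
        return [flatten(event) for event in reply["events"]]


def flatten(event):
    """Turn one event's name/content field list into a flat record."""
    record = {field["name"]: field["content"] for field in event["fields"]}
    record["text"] = event["text"]
    epoch = datetime(1970, 1, 1, tzinfo=timezone.utc)
    when = epoch + timedelta(milliseconds=event["timestamp"])  # assumed epoch milliseconds
    record["time_utc"] = when.isoformat(timespec="milliseconds")
    return record


def fake_send(method, url, headers, body):  # constructed stand-in, runs offline
    if method == "POST":
        return '{"userId": "u", "sessionId": "constructed-session", "ttl": 1800}'
    return json.dumps({"complete": True, "events": [{
        "fields": [{"name": "hostname", "content": "172.16.127.1"}],
        "text": "this is a test event", "timestamp": 1449771888082}]})
```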

Importer Utility

A new importer utility is available to support importing old logs and support bundles via the Log Insight ingestion API. This utility is available as an executable for Windows and Linux, supports a manifest file that is almost identical to an agent configuration file (the only difference is the directory option), can ingest messages based on their timestamp (requires authentication), and supports compressed (zip/gzip/tar) as well as recursive directory imports.

For example, the utility may be called using the following parameters:

/usr/lib/loginsight-importer \
  --source /tmp/vmsupport-1234.tgz \
  --server loginsight.vmware.com \
  --manifest /tmp/vmsupport.ini \
  --username admin \
  --password \
  --honor_timestamp

Tech Preview Features

This release features some Tech Preview features that you can try now!

Agent Configuration Builder

The Agent Administration page provides the ability to build and validate agent configurations. Of course, you can still get the original view by switching to the Edit tab.

[Screenshot: li-33-agent-config-builder]

Virtual Appliance IPv6 Support

The Log Insight 3.3 virtual appliance can be configured in a pure IPv6 network.

Configuration APIs

A variety of tech preview APIs have been made available to configure vRealize Log Insight.

Summary

As you can see, Log Insight 3.3 comes with a lot of cool new stuff, and if you already have vCenter Server, there is no better time to try vCenter for Log Insight! The bits will be available soon, but to ensure you are notified as soon as the latest version is available, be sure to sign up here.