Time to get a fresh install of VCF Operations for Logs 9.01.0 deployed in the homelab. I'm going to start this off with the assumption that the Online or Offline Depot is configured and that you have downloaded the required binaries from Binary Management.
From the VCF Operations console >> Fleet Management >> Lifecycle >> VCF Management >> Binary Management
You will Install, Patch and Upgrade binaries.
When the downloads complete, click ‘Overview’ under VCF Lifecycle, locate Operations for Logs and click ‘Add’.
For this deployment, because it’s my homelab, a single appliance will suffice. For production, however, it’s recommended that you have a minimum of 3 to form a cluster. You can read more about preparations here: VCF Operations for Logs Detailed Design
On the next step, you can generate a certificate containing the FQDNs and IPs for your appliances.
Populate Infrastructure Deployment details, and click Next
Populate general network IP information; Domain, Domain Search Path, DNS, NTP, Gateway and subnet for the appliance.
The next step is to fill out the Components section. There are too many options to list, but make sure you have IPs for your cluster and VM appliance, as well as the other settings.
Pre-Check successful, let’s get it!
The final screen is a confirmation, where you can download the settings and even view what the topology will look like.
VMware’s Log Insight tool, part of the vRealize suite, is an excellent logging solution backed with analytics. Log Insight provides a marketplace-like feature called ‘Content Packs’ that offers a variety of supported plug-ins: pre-built dashboards for other vendors’ systems. The one I wanted to dive into today is installing and configuring the Active Directory Content Pack, in addition to the Log Insight agent, on my home lab Active Directory server.
Installing Log Insight agent on Windows Server 2016 Datacenter
The agent can be downloaded from within the Log Insight interface. From the home page click on ‘Administration’ and then over to ‘Agents’ on the left pane.
On the bottom of the page there is a download link for the agent
You will find agents for the following supported OSs
In our exercise we will download the Windows MSI file. Launch the installer; there is minimal configuration to perform, and the most important part is entering either the hostname or the IP of the Log Insight server.
*The error I’m researching, this seemed to be the only system, checked time clock, not sure if this is a time or speed notification, data was flowing in pretty fast.
Once the installation is complete, Log Insight Agents console should immediately display the machine.
Configuring the Log Insight Agent
From the ‘Agent’ menu, go to ‘Agent Configuration’, as an example we will create a Windows Event Log configuration for logging.
Create a unique name (no spaces) of the log, in our case we will call it ‘WinApplication’ for the ‘Application’ events in Event Viewer on the server.
Once that is completed you may proceed with the other ones, and in the end it should look something like this.
Once the agents are configured, logging will begin for all agents detected in Log Insight.
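The naming rules above (a unique name with no spaces, tied to one Event Viewer channel) can be checked against the agent's INI-style configuration text. This is an added example, not code from the original post or from VMware; it assumes each Windows Event Log entry is stored as a `[winlog|<name>]` section with a `channel=` key, and the sample configuration is constructed.

```python
# Added example: lint Windows Event Log sections of an agent configuration.
# Assumes [winlog|<name>] sections with a channel= key; SAMPLE is constructed.
SAMPLE = """\
[winlog|WinApplication]
channel=Application

[winlog|Win Security]
channel=Security

[winlog|WinSystem]

[winlog|WinApplication]
channel=System
"""

def parse_winlog(text):
    """Return [(name, {key: value})] for each [winlog|name] section, in order."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("["):
            kind, _, name = line.strip("[]").partition("|")
            current = {} if kind == "winlog" else None  # skip other sections
            if current is not None:
                sections.append((name, current))
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def lint_winlog(text):
    """Return (name, problem) pairs for sections that break the naming rules."""
    problems, seen = [], set()
    for name, opts in parse_winlog(text):
        if not name or any(ch.isspace() for ch in name):
            problems.append((name, "name is empty or contains spaces"))
        if name in seen:
            problems.append((name, "name is not unique"))
        seen.add(name)
        if not opts.get("channel"):
            problems.append((name, "no channel set"))
    return problems

if __name__ == "__main__":
    for name, problem in lint_winlog(SAMPLE):
        print(f"{name!r}: {problem}")
```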
You can click on the hyperlink-enabled name of the agent and it will take you straight to the ‘Interactive Analysis’
The Interactive Analysis is your tool to filter through logs.
Installing the Active Directory Content Pack
From the Log Insight home page, go to ‘Content Packs’
The Log Insight Marketplace appears and in there look for ‘Microsoft – Active Directory’, click once, review/agree terms, check the box and click ‘Install’
The install is instant and you should be prompted with ‘Setup Instructions’
By installing the Log Insight agent, we have fulfilled some of the prerequisites already.
From the ‘Agents’ menu, find and copy the template that is now installed.
Here you can name the new group and click ‘Copy’
Some pre-populated configurations will load from the copied template. Create a filter; in my example, I selected the hostname of my AD server. Ensure the hostname matches the name reported by the agent, which should bring up the found agent down below. Click ‘Save Configuration’.
After that is done, you can go back to Interactive Analysis and play around with filters. In my test, I simply reloaded DNS Zones and created a new record.
This was something really simple and straightforward. There are several more customizations you can leverage with Log Insight, such as alerting via e-mail for particular events you want to capture, and more.