There are a lot of blogs on how to implement vRealize LogInsight and on the use cases for implementing it in your environment.
The first and best reason to use it is that it is included in some licenses you may already own:
- Free vRealize Log Insight for NSX customers: All NSX 6.2.4 (and beyond) customers are entitled to vRealize Log Insight for NSX at no additional charge. The license model for vRealize Log Insight for NSX mirrors the license model for NSX. Read the FAQ for more information.
- Free Log Insight for vCenter: For each instance of vCenter Server that you own or purchase you are entitled to a free 25 OSI license of vRealize Log Insight for vCenter. For more information please see the FAQ.
The use case is simple: you need an overview of what is happening in your vSphere environment:
- Who logs in to your environment?
- Are there any Administrator or root actions and logins?
- Which firewall events occur in your environment?
- Are there any unwanted changes to your VMs?
You can think of this as a Security Dashboard or, as I would use it, a Compliance Dashboard. Because LogInsight collects any kind of logs from your vSphere environment, you can build queries and dashboards to report that (hopefully) nothing has been changed in your environment.
I created one for my customers a few weeks ago, based on some internal templates which I couldn’t share, but then I saw this tweet this morning, and it is worth testing.
You download a .vlcp file, which describes the vRealize LogInsight Content Pack and can be imported into the system.
LogInsight Admin Menu
Log in to your vRealize LogInsight System and switch to Content Packs via the Menu on the top right next to your login name.
LogInsight Content Packs Management
The Content Packs page initially shows the Marketplace, where you can find more solutions to enhance your LogInsight configuration. Click the + Import Content Pack link on the bottom left (I don’t know who wanted to play hide and seek with us and placed it there…).
LogInsight Import Content Pack
Click Browse and locate the file “Texiwill Security v1.0.vlcp” you downloaded before.
You have two options to install content packs:
- Install as content pack: Content will be installed as a content pack. It will be read-only and visible to all users. If you want to make any changes to the included dashboards or settings you have to copy it to your Custom Dashboard Section.
- Import into My Content: Content will be imported into my user space. It will be editable but only visible to me.
Content Pack Overview
The import is easy and should not produce any errors. The result of the import is the installed Content Pack page as shown in Figure 4.
Can’t wait to see what’s happening in your environment? Switch to Dashboard View and select Texiwill’s Security Pack.
There are 3 dashboards so far: Login Events and Actions, Firewall Events, and Configuration Events and Actions. All three are designed to visualize what is happening in your environment.
- Login Events and Actions
  - Count of Login/Actions events over time
  - vCenter Administrator Logins
  - vSphere Root Actions
  - Root Actions over time grouped by vmw_subTask
  - Count of vCenter Logins by Username
  - Count vSphere Actions by Username
  - Count vSphere Actions by Username and Hostname
- Firewall Events
  - Count of Firewall events over time
  - Count of FW events over time grouped by source
  - Count of FW events over time grouped by hostname
  - Count of FW events over time grouped by hostname, vmw_vse_fw_status
- VM Configuration Changes
  - Count of Change Events grouped by vc_event_user
  - Count of Modify Events grouped by vc_event_user, device_type
  - Count of Device Added grouped by vc_event_user, device_added
  - Count of Deleted Devices grouped by vc_event_user, device_deleted
  - Count of Change events grouped by vc_event_user, config_type
  - Count of Modify Events
  - Count of Add Events
  - Count of Delete Events
I hope this is useful for you and that you test it in your existing environment. Or start with vRealize LogInsight today to enhance the visibility into your system.
Check out how easy it is to deploy vRealize LogInsight into your system with this short video.
Have some fun with vRealize LogInsight and your endless creativity!