Cloud Lab-6 : How to Install and Configure VCenter Log Insight (Syslog) Server (Part 1)

LAB-6 TASKS (Part 1)

In this Lab we will perform following tasks

  1. Download syslog appliance from VMWare
  2. Information required for Syslog Installation
  3. Deploy Syslog Appliance
  4. Change/Add Syslog Appliance Resources
  5. Initial configure of Syslog Appliance

1-Download syslog appliance from VMWare

In my lab. I am going to use “vCenter log Insight” for Syslog. It is relatively new products but very good and interesting.

You download vCenter log Insight appliance latest Version from

2-Information required for Syslog Installation

Before starting to install Syslog Server. You must need to know following information

  • system name (
  • VSAN IP address (
  • Time zone settings (GMT+5) or whatever your timezone settings are.
  • Enter forward and Reverse DNS Entry for

3-Deploy Syslog Appliance

VCenter Log Insight is available as a virtual appliance and can deployed on any system that supports the OVF standard. While deployment is straightforward.

Log into vCenter Server from web client. From “home screen” navigate to “host and cluster”. Choose a host or cluster where you want to deploy you vCenter log insight appliance.

Right click on the host or cluster -> Choose “Deploy OVF Template”


Click “Allow”. If client integration access control message popup.


In my case already downloaded the appliance and placed in my local pc. Choose “Local File” and browser your appliance -> Click “Next”


See the OVF File template information details -> Click “Next”


Accept the EULA Agreement – > Click “Next”


 Give the VM a name “Cloud-Syslog” and specify which object the VM should be deployed into -> Click “Next”


Select the datastore to store the VM and the disk format -> Click “Next”

NOTE: The best practice is to select Thick Provisioned Eager Zeroed whenever possible for performance and operational reasons.


We specify the port group the VM will be connected to. Choose “Static-Manual” in IP application settings -> Click “Next”.


Enter networking information -> Click “Next”


IMPORTANT: Configuring network information including IP address, netmask, gateway, DNS, and hostname is only supported through vApp options. While these settings can be modified on the virtual appliance, doing so is unsupported and may be overridden. See the release notes for more information.

WARNING: Up to two domain name servers can be specified. If you specify more than two then no domain name servers will be set on the virtual appliance. In addition, ensure you do not put after the comma when specifying multiple domain name servers.

See the configuration summary -> Click “Finish”


IMPORTANT: Do not select the power on option as resources need to be increased on the VM

4-Change/Add Syslog Appliance Resources

This step is option in my Lab. But in production you may need to increase syslog appliance resource. You should follow the below step to know how to extend syslog appliance resources.

Once the VM has been deployed, edit the settings of the VM and increase the number of vCPU from 2 to 4.


NOTE: If you would like additional retention of log messages to query over then you can also add additional hard drives.

Now power on the VM and allow it to go through its first boot process. The first boot process takes about 3-4 minutes and you will notice the virtual appliance reboots about 2-3 minutes into the process. Once done, you will be presented with the console splash screen.


One thing you should do while on this console screen and enter the appropriate key combination “Ctrl + F1” to get to the terminal screen.

From there, log in as root (password is blank/empty). Upon doing so, you will be forced to change the root password.


NOTE: If you do not change the root password you will not be able to SSH to the virtual appliance. As soon as the root password has been changed, SSH will be enabled.

Congratulations, you have successfully deployed the vCenter Log Insight virtual appliance! Next up, I will cover the initial configuration of the product.

5-Initial configure of Syslog Appliance

Once you deploy vCenter Log Insight you need to configure it for use.

 Navigate to the IP address or hostname of Log Insight in a web browser using “” and you will be presented with the product’s initial configuration wizard.

 IMPORTANT: If the console of the virtual appliance does not list an IP or hostname (e.g. http://) then you will need to fix the DHCP issue or configure a static IP address by powering down the virtual appliance and configuring vApp options.

 IMPORTANT: Supported browsers are:
 Mozilla Firefox 10.x, 19.x, 20.x, and 21.0
Google Chrome 27.x, 26.x, and 25.x
Safari 6.0
Internet Explorer 9.x and 10.x

 NOTE: The product ships with a self-signed certificate and you will be redirected to a connection over SSL. As such, you will need to accept the security warning

 NOTE: Every setting in the initial configuration wizard can be modified after the fact from the Administration page of the product.


First up, we need to configuration the admin user credentials. ‘admin’ is the default user for the web UI. Set/change your new admin password -> Click “Save and Continue”

NOTE: Passwords in the web UI are not checked for complexity and cannot be set to expire.

NOTE: The email field is not used for anything so configuring it has no effect


Next, we need to accept the license key. Click “Continue”


IMPORTANT: If you happen to delete the license key from the product, you can re-enter it by going to http://<hostname>/admin/license

The General Configuration section is very important. First, it allows you to configure where system notification emails will be sent. Second, it allows you to participate in the customer experience improvement program -> Click “Save and Continue”

WARNING: System notification emails are used to send information about important system events. This information is not readily displayed in the web UI and it is highly recommended that you configure this field.


Time configuration is probably the most important item that needs to be configured. Without proper time configuration troubleshooting an issue can be challenging. Enter your ntp server address if you have one other wise leave as default -> Click “Save and Continue”


IMPORTANT: If using NTP servers, be sure to validate that they are working by using the Test button (be patient the Test button can take a while). Log Insight does not validate the NTP servers specified or confirm that time can be collected from the sources specified.

By default, the virtual appliance is configured to use itself as an SMTP server. If you wish to receive system notification emails or created alerts then you should modify these settings enter your SMTP server address and other information’s. Ensure it by using the “Send Test Email” option, that you can receive emails from the Log Insight -> Click “Skip” or “Save and continue”


VMware Integration is one of the best features of the Log Insight product. Today, Log Insight supports integration with both vCenter Server, to collect tasks, events and alarms, and vCenter Operations, to send alarms and enable launch in context between the products.

Check “enabled” and enter your “vCenter name” and “credentials”, click “Test” button to verify every enter information is correct -> Click “Save and continue”

NOTE: For vCenter Server integration, read-only permissions are sufficient to perform all operations as long as the user specific has read-only permissions propagated to all objects.

NOTE: For vCenter Operations Manager integration, user permissions are sufficient to perform all operations.

NOTE: Multiple vCenter Server instance can be connected to a single Log Insight instance, but only a single vCenter Operations Manager instance can be configured per Log Insight instance.


Storage configuration allows for a NFS v3 mount point to be specified that can be used to store archived logs messages. This is to allow for extended retention of log messages on (cheaper) storage.

NOTE: Log messages are archived as soon as possible, but retained on the virtual appliance until local space becomes depleted.

IMPORTANT: Archived log messages that have since be removed from the local disk of the virtual appliance cannot be queried against. If you wish to query over archived data you must import the data

WARNING: Log Insight does not manage the NFS mount point and simply attempts to write archived data. If the mount becomes full, Log Insight will not attempt to remove old archived information.

If you wish to enable it. Check the box -> click “Skip” or “Save and Continue”


Finally, we must restart the Log Insight process to put the changes into effect.

NOTE: This is a restart of the Log Insight process and not a restart of the virtual machine.


This process should take less than one minute.


Once complete, we are ready to use the product. If no devices are configured to send their log messages to Log Insight and vCenter Server integration was not configured then we are presented with the following page


That’s it for today and for this lab. I will cover more in my next part-2.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s