Master VMware logging with these tools and strategies
Capture and analyze VMware logs with these tools, techniques and best practices. Effective logging can improve troubleshooting, enable optimization and create transparency.
Logs can produce cumbersome, overwhelming data sets. But with proper planning and a few tools and techniques, careful VMware logging can transform logs from a burden into an asset.
Logging is an essential strategy to understand the inner workings of a virtualized system -- both to troubleshoot problems and monitor the performance of new tactics and products. A holistic approach to VMware logs ensures that nothing gets lost in the mix.
Use vRealize Log Insight to centralize VMware logs and set alerts. Though the product is well-known, it has many more features than you might be familiar with. Take advantage of vCenter's place in the infrastructure for detailed monitoring. Virtualization adds complexity, but virtual infrastructure also enables new levels of detail and resource coordination.
Add context to logs with vSphere's enhanced logging feature. Enhanced logging goes beyond reporting a change to show what the change was, who changed it and what it was before. Gather ESXi logs and send them to VMware through a variety of methods, including vSphere Web Client.
VMware logging experts combine such tools and technologies with strategic plans that incorporate business goals and use proven logging tactics to ensure all the gathered data is organized and readable. Logs can be an incredible asset, but without a plan, they can also be unwieldy, dense and time-consuming burdens.
Take advantage of vRealize Log Insight for VMware logging
VMware vRealize Log Insight is well-reputed as a central logging host, but it offers many more functionalities. If you want to boost your VMware logging skills, take a closer look at what it offers.
VRealize Log Insight analyzes incoming log entries and enables you to establish responsive actions based on the log contents. Setup is as easy as downloading the appliance, deploying it on an ESXi host, configuring it from a web interface, adding a license and connecting it to a vCenter server. You can then centralize your VMware logs by configuring all of your ESXi hosts to send log files to vRealize Log Insight.
VRealize Log Insight offers a number of customization options to monitor specific servers, types of events and volume of events. You can create and share customized dashboards to analyze particular portions of your infrastructure. Rather than searching through each event, vRealize Log Insight enables you to query events and set alerts using keywords and filters. You can also integrate vRealize Log Insight with NSX to identify potential issues in an NSX deployment.
Dig deep with vCenter monitoring
VMware vCenter offers advanced monitoring capabilities that enable VMware logging to reach a level most systems can't match.
Unlike more superficial, traditional monitoring tools, vCenter gathers granular data from the virtual hardware level beneath the guest OS layer. This level of detail enables vCenter to differentiate between allocated and in-use memory and to better navigate resource allocation challenges. Without this level of access, a VM might appear resource-constrained even though only some of the allocated memory is actually in use.
VCenter can also produce performance metrics and data that provide answers to the questions VMware logging data inspires. The greater detail provided by vCenter and virtualization enables a detailed examination of resource allocation. You can then use tools, such as resource pools, to coordinate fine-tuned adjustments.
Enhanced vSphere logging maps contextual details
Enhanced logging isn't the most well-known vSphere feature, but for those looking to become VMware logging experts, it offers numerous advantages.
Traditional logs have always been an essential part of management and monitoring, but they often leave out context relevant to the events on which they report.
Traditional logs have always been an essential part of management and monitoring, but they often leave out context relevant to the events on which they report. A log might report a change to a VM's configuration, but might not describe which states and settings were changed, what they were before the change or who made the change.
Enhanced logging addresses these weaknesses by handling vCenter events through syslog data. This adds details to log entries that make them more useful and responses more actionable. You can also integrate enhanced logging with vRealize Log Insight and third-party logging tools.
Gather vSphere log files through multiple methods
VMware support will often want log files if you have an ESXi incident, so a useful trick to add to your VMware logging arsenal is the ability to easily retrieve logs with vSphere.
While you can manually get configuration information about ESXi logs in vCenter, VMware offers more nimble, semi-automated methods to gather diagnostic information.
In vSphere Client, use the monitor tool and logs tab to view all the vSphere log files. You can sort logs by name or description and use commands to retrieve diagnostic bundles. If you're working with VMware support, there's also an option to automatically generate a support bundle that you can download and easily send.
If you can access vCenter with vSphere Web Client, there are even easier options. From vSphere Web Client, it's as easy as selecting the vCenter server object and choosing the export system logs option from the list of actions. You can select which ESXi hosts to export logs from, export a support bundle and create a diagnostic bundle from particular components.
Implement logging best practices and strategies
A VMware logging expert's knowledge extends beyond tools and software to a variety of widely applicable logging tactics that can enable efficient organization and thorough analysis.
Logs can produce an incredible amount of data, so you need to have a logging strategy in place before you wade in. Build business objectives into your logging strategy so you can organize your data retrieval around tangible, measurable goals. If your goal is to enhance application performance, for example, focus logging on data relevant to monitoring progress toward that goal, such as database transaction performance and network latency.
The most organized logs aren't useful if they aren't readable. Use a well-understood, standardized log format that fits your tool set and your IT staff. Tools must be able to analyze the data and people must be able to read it. If you eventually want to aggregate log data and find patterns across multiple files, standardization can help relevant data remain discoverable.