VMware vRealize Log Insight v3.6 Configuration. SSL, Active Directory and vSphere.

The previous blog post was related to deploying the Log Insight appliance and can be viewed here.

After deploying your Log Insight appliance you will want to login to the /admin page and configure a CA signed certificate, Active Directory authentication and integration with vSphere.

Log into your Log Insight appliance admin page. The username is admin and the password you defined at deployment time.

My URL is: https://lablog01.lab.local/admin

Once logged in you are on the /admin home screen

Click on SSL under the Configuration item menu

This is where you import the PEM certificate. The process to generate the certificate is detailed in this blog post and is for a Log Insight cluster with a load balanced cluster FQDN. If you do not have a Log Insight cluster then you do not need to add multiple subjectAltName names: for each Log Insight cluster member or for the load balanced cluster FQDN.

Once the certificate has been imported you can progress onto configuring Active Directory authentication.

Click on Authentication under the Configuration item menu

Tick the option Enable Active Directory Support and enter the relevant details for your Microsoft Domain: domain name, domain controllers, username and password, and also if you require SSL. Click Test Connection to confirm all is correct.

Make sure you click the Save button.

Now click on the Access Control under the Management menu item

Under Directory Groups click on New Group. 

In the Name box type in your Active Directory group. It will start auto-populating with names that match. Then select what level of access to grant this group. For simplicity of the blog I have added Domain Admins with Super Admin and User rights.

Click on Save.

Now you want to integrate vCenter with Log Insight and configure ESXi hosts for logging.

Click on vSphere under the Integration menu item

Enter the details for your vCenter server, username and password. I have used administrator@vsphere.local for the simplicity of this blog.

Click Test Connection to confirm the details are correct.

Tick both of the boxes to collect vCenter Server events and configure ESXi hosts.

Add additional vCenter Servers if required.

Click the Save button and integration will begin.

Once the integration is complete you will be advised.

Click on Hosts under the Management menu item

You will now be able to see your vCenter Server and ESXi hosts.

Log out of the /admin console and log in to the default page: https://lablog01.lab.local. You can now log in with an account that is a member of the Active Directory group configured.

You can start using Log Insight.

Now if you log into the vSphere Web Client you can see what configuration Log Insight has made to the ESXi hosts for logging.

It has added the Advanced System Setting: syslog.global.loghost and set the value to udp://lablog01.lab.local

To provide high availability and logging resilience make sure you deploy additional Log Insight appliances and configure the clustering feature that has an inbuilt load balancing of the cluster FQDN.

To configure a Log Insight cluster, log back into the /admin console and click Cluster under the Management menu item. Follow the deployment blog to deploy additional appliances.