Architecting a vRealize Log Insight Solution: Overview
   
Overview
Within the data center, hardware and software systems are typically configured to forward log messages to an external, centralized system message logging (syslog) destination. To improve system administration and provide the VMware Cloud Provider™ community with the security and investigative capabilities it requires, VMware recommends configuring logging to external syslog servers from all hardware in the data center, including VMware ESXi™ hosts, storage, and network components. Aggregate analysis of log messages on an external server provides visibility into events that affect multiple ESXi hosts and other data center components.
VMware provides several options for syslog target servers. A basic syslog server (VMware vSphere® Syslog Collector) is included as part of the VMware vCenter Server® package. A second option is to implement VMware vSphere Management Assistant for log consolidation. However, for a service provider that is looking for deeper insight into its global data center infrastructure, VMware vRealize® Log Insight™ provides a much more comprehensive and feature-rich solution than either vSphere Syslog Collector or vSphere Management Assistant.
vRealize Log Insight gives administrators the ability to consolidate logs, monitor and troubleshoot vSphere and third-party infrastructure, and perform security auditing, compliance testing, log querying, aggregation, correlation, and retention. The vRealize Log Insight virtual appliance includes a syslog server, log consolidation tool, and log analysis tool that work with any type of device that can send syslog data. vRealize Log Insight administrators can also create custom dashboards based on saved queries that can be exported, shared, and integrated with vCenter Server and VMware vRealize Operations Manager™ to provide a uniform approach to dashboard monitoring and operational management.