Extending vRealize Log Insight Services
vRealize Log Insight can accept, process, and query logs from non-VMware sources in addition to those from VMware infrastructure sources. vRealize Log Insight Content Packs are plug-ins with information about syslog messages from external sources such as Brocade switches, EMC or NetApp storage systems, Cisco UCS Systems, Windows Servers, or Windows applications such as Active Directory or Exchange.
Out of the box, vRealize Log Insight includes only the vSphere Content Pack. VMware or third parties can create Content Packs with information about specific events from other syslog sources that can be used by system administrators, operational teams, engineers, and CTOs. The content pack itself is made up of information that includes dashboards, fields, aggregations, alerts, and queries.
For example, if you have a design requirement to monitor syslog data from the provider’s Cisco UCS Blade System, you can download the UCS Content Pack from the VMware Solution Exchange at https://solutionexchange.vmware.com/store/loginsight before importing the VLCP file into vRealize Log Insight. You can then configure UCS Manager to forward all syslog data collected on the fabric interconnects to vRealize Log Insight. The data becomes available for analysis and troubleshooting using the vRealize Log Insight user interface.
Note: For the current list of available Content Packs, refer to the VMware Solution Exchange at the web address just listed.
To forward logs from Microsoft Windows Servers or Microsoft Windows-based applications such as Active Directory or Exchange, the vRealize Log Insight Windows agent must be installed on each source operating system, allowing messages from Windows event channels and log files to be forwarded to the vRealize Log Insight server. In vRealize Log Insight 3.0, there is a limit of 60 Windows event log channels. (See vRealize Log Insight 3.0 GA Configuration Limits at http://pubs.vmware.com/log-insight-30/index.jsp?topic=%2Fcom.vmware.log-insight.administration.doc%2FGUID-0601A373-4B74-4B93-8C39-DA85F1D34FD4.html.)
Linux operating systems typically include a syslog agent. If not, you can usually install one. The most common syslog agents found on Linux operating systems are rsyslog and syslog-ng.
For more information about forwarding Microsoft Windows event logs to vRealize Log Insight, see the VMware vRealize Log Insight Administration Guide available at https://www.vmware.com/support/pubs/log-insight-pubs.html.
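The following is an added example, not taken from the VMware documentation: a Python check that a Windows agent configuration stays within the 60-channel limit mentioned above, so that a channel you rely on for monitoring is not left uncollected. The INI layout (`[winlog|<name>]` sections with a `channel=` key), the host name, and the sample contents are assumptions made for illustration.

```python
import configparser

MAX_WINLOG_CHANNELS = 60  # limit this page gives for vRealize Log Insight 3.0

# Constructed sample. The [winlog|<name>] sections and channel= key are an
# assumed agent-configuration layout, not taken from the page.
SAMPLE_INI = r"""
[server]
hostname=loginsight.example.com

[winlog|Application]
channel=Application

[winlog|Security]
channel=Security

[winlog|SecurityAgain]
channel=security

[winlog|Broken]
; channel key missing

[filelog|iis]
directory=C:\inetpub\logs
"""


def audit_winlog_channels(ini_text, limit=MAX_WINLOG_CHANNELS):
    """Count distinct Windows event channels and flag config problems."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    channels, duplicates, missing = {}, [], []
    for section in parser.sections():
        if not section.lower().startswith("winlog|"):
            continue  # only Windows event log sections count toward the limit
        channel = parser.get(section, "channel", fallback="").strip()
        if not channel:
            missing.append(section)  # section collects nothing as written
        elif channel.lower() in channels:
            duplicates.append(section)  # same channel configured twice
        else:
            channels[channel.lower()] = section
    return {
        "channels": sorted(channels),
        "duplicates": duplicates,
        "missing_channel_key": missing,
        "within_limit": len(channels) <= limit,
    }


if __name__ == "__main__":
    print(audit_winlog_channels(SAMPLE_INI))
```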