VMware

Log Analytics by VMware Log Insight – VMUG presentation

kisstib0r VMware , , ,

I would like to share my VMUG presentation about VMware Log Insight.

Advice for installation:

  • Install one medium size appliance, use different IP wich U use to cluster
  • Use Eager Zeroed DS because of avoiding performance issues
  • End of configuration don’t configure vSphere hosts
  • Create VIP despite of you don’t want a cluster!!!
  • Use DNS name resolution
  • Now U can integrate Log Insight with your vSphere environment

If you miss creating VIP address for Log Insight, and you integrate it with your vSphere environment, the IP address of Log Insight node will write to Syslog.global.logHost value. If you want to change your IP of Log Insight, or you want to create cluster environment (eg.: scaling) you should change log value on every vSphere host.

In case of you rerun vSphere integration process in Log Insight, it does not solve your problem, because of Log Insight will add the new address to value (don’t overwrite it).

Yes, I know, you can change it by script, but I think it is a better solution, isn’t it? 🙂

Sizing: http://www.vmware.com/go/loginsight/calculator

I’m planning to create a new article series, where I will share more details about the install process and content packs integration. I have created more than 100+ page documentation in this topic under introduction. It is not finished yet! 🙂

 

vThing has created a great new blog post, you can reach details of the event on this link:
https://vthing.wordpress.com/2018/03/05/vmug-hungary-2018-q1-recap/

If you have any question, don’t hesitate to contact me!

vRealize Log Insight alert integrate with Operation Manager

kisstib0r VMware , , , ,

First of all, you can install and configure Veeam Backup and Replication content pack in vRealize Log Insight. Follow instructions of this document.

https://helpcenter.veeam.com/docs/loginsight/userguide/about_vcp.html?ver=10

  • In Log Insight jump to Content Packs / Veeam Backup & Replication / Alerts menu
  • Click “vbr – Backup job failed”

vRealize_LogInsight_alert_integrate_OperationManager_004

The content pack will create a query of failed backups.

  • Change the name of alert as you wish or leave default
  • You can edit Description and Recommendation
  • Fill “Sent to vRealize Operation Manager” checkbox
  • Hit the “Select…” button and select your Veeam Backup&Replication server (VM or Windows layer)
  • Set criticality to Critical
  • Check Auto Cancel option

vRealize_LogInsight_alert_integrate_OperationManager_000

  • Click “Send test alert” button
  • Save to my alerts

If you do everything right you will see the test alert in vRealize Operation Manager (wait 5 minutes before you start troubleshooting)

vRealize_LogInsight_alert_integrate_OperationManager_001

You can see the alert on VM or Windows layer dash or if you select Alert button, you will see the alert under it.

vRealize_LogInsight_alert_integrate_OperationManager_002

vRealize_LogInsight_alert_integrate_OperationManager_003.JPG

The alert comes as Notification event so you can create Notification settings under Alerts / Notification settings if you want to receive an e-mail alert.

vRealize_LogInsight_alert_integrate_OperationManager_005

ICMP ping issue by Windows base End Point Operations Agent

kisstib0r VMware , , , ,

As you know vRealize Operation Manager can monitor remote devices by ICMP check. It is a simple checking method, we use it to monitor at basic level, our remote routers or switches.

Implementation process:

  1. Go Environment / All Objects / EP OPS Adapter / Remote Cheks Word
  2. From Actions menu select “Monitor this object remotely”
    • Add Display nama E.g.: WAN-1
    • Monitored from select your Agent
    • Under Check Method select ICMP check
    • Hostname: IP address of device
  3. Under Advanced settings you can change “sotimeout” and “Collection Interval” (we use one minute)
  4. Click OK

Under Environment / All Objects / EP OPS Adapter / ICMP Check tree you will find all your ICMP checked objects, and you can select one of them for details or All Metrics data.

Now, you are able to create an Alert, base on resource availability state. Yes, but we received lots of alert from vROps, becouse the resources wasn’t available many times. We tried rise up sotimeout. Not worked.

We changed Agent log level to Debug and we saw many of this messages.

26-09-2017 20:23:36,043 CEST DEBUG [pool-1-thread-11] [Collector] name=ICMP Check, thread=pool-1-thread-11, result=Tue Sep 26 20:23:36 CEST 2017 (/192.168.xxx.xxx) null values={Availability=0.0, ResponseTime=19969.0}

(In my next Article I will show you how you can change EP OPS Agent’s log level and file size.)

ICMP

We opened a new case at GSS (VMware Global Service Support) about this problem, but fortunetly in the maintime (under weeks – waited for GSS) we find a Release Note for vRealize Operation Manager 6.2. The subscription in this note looks like very similar as our problem 🙂

No data returned when running ICMP check
When attempting to run an ICMP check for remote monitoring from an Agent running on a Windows platform, no data is returned.
Workaround: Do not use ICMP checking from an agent that is deployed on a Windows platform.

Link: http://pubs.vmware.com/Release_Notes/en/vrops/62/vrops-62-release-notes.html

We changed the Agent from Windows base OS to Linux OS, and in the last weeks we didn’t revecive fals alerts. I’m really sad becouse we use vRealize Operation 6.6.1 and the problem, wich was discovered in 6.2,  is still exists in the latest release.

Add Certificate to vRealize Operation Manager tcServer Truststore

kisstib0r VMware , , ,

Why interesting this? We use VMware vRealize Operation Manager and vRealize Log Insight. This two products is integrated eachother. E.g.: when I select a VM in vROps than I select Log tab, vRLI will open in the same window, and shows me the logs wich is belong to the selected VM. In that case we won’t get cert. error message in vROps. So we can import or add vRLI cert into vROps certifiacet store.

vRealize Operation Manager handle only PEM format certificate. If you have cer file in DEM format you can convert it by OpenSSL.

Convert DER to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

View PEM cert:

openssl x509 -in aaa_cert.pem -noout -text

Upload the file to vROps server e.g.: /tmp folder by WinSCP. Open Putty or your favorite SSH application and log in to vROps Nodes by root. Type the following command on console:

$VCOPS_BASE/jre/bin/keytool -import -alias <alias_name> -file /tmp/<cert.pem> -keystore “$VCOPS_DATA_VCOPS/user/conf/ssl/tcserver.truststore” -storepass <thisisstorepasskey> -trustcacerts

The <truststore_password> is generated by vROps and is located in /storage/vcops/user/
conf/ssl/storePass.properties. Copy the password from the ssltruststorePassword= field and paste it in the <truststore_password> placeholder.

Press enter, and say yes for question about trustid certifiaction.

Repeat the above steps on every vROps node. Don’t forget reboot the host after you ran the command successfully.

Import_cert_vRealize_Operation

SWAP drive Alerts in vROps

kisstib0r VMware , ,

In our MS SQL environment we use dedicated swap drive wich almost is full becouse of we set it up Custom size. Despite of it is a normal behavior, vROps generate “Guest file system space usage” Alert. In this article I would like to show you how to manage this situation in vRealize Operation Manager and avoid unnecessary alerts.

In this example we have two similar VM with three drive: C: for OS, H: for Kernel and S: for SWAP. From Kernel drive you could figure out, it is a SAP environemt 🙂

SWAP_Alert_vRealize_Operation_001

We want to keep alert to C: and H: drive, but we don’t get alert from S: (swap) drive, unless it is full.

First of all we can create new symptoms to this VMs. You can see the table below. Create Warning (85%) , Immediate (90%) and Critical (95%) symptom to C: and H: drive too. As you can see in table.

For S: drive enough Info level and condition will be “is greather than or equal to” with value 100 (precent). So the swap drive is full, vROps will create an Alert. 100% is just an advice, you can change the value as you wish, customize your environment.

SWAP_Alert_vRealize_Operation_003

We can use “Guest File System stats / Guest File System Usage (%)” metric under effected drive. As you can see, in this list we don’t see S:\ drive.

In the interest of we see our VM’s S:\ drive click the little grey icon next to Metrics select list form.

In the new window you can find a list of all VMs, select that VM wich want to configure, and click OK, than you can see the all drive under Guest File System stats.

Choose drive eg. C:\ and under the drive letter you will find the “Guest File System Usage (%)” metric. Drag and drop to right side of window.

Create all symptoms from list of below.

 

 

 

 

SWAP_Alert_vRealize_Operation_004

Create this Symptomes

Base Object Type Metrics Threshold Name Level Condition Value
vCenter Adapter / Virtual Machine Guest File System stats / C:\ Guest File System Usage (%) Static C Drive space usage at Warning level Warning is greather than or equal to 85
vCenter Adapter / Virtual Machine Guest File System stats / C:\ Guest File System Usage (%) Static C Drive space usage at Immediate level Immediate is greather than or equal to 90
vCenter Adapter / Virtual Machine Guest File System stats / C:\ Guest File System Usage (%) Static C Drive space usage at Critical level Critical is greather than or equal to 95
vCenter Adapter / Virtual Machine Guest File System stats / H:\ Guest File System Usage (%) Static H Drive space usage at Warning level Warning is greather than or equal to 85
vCenter Adapter / Virtual Machine Guest File System stats / H:\ Guest File System Usage (%) Static H Drive space usage at Immediate level Immediate is greather than or equal to 90
vCenter Adapter / Virtual Machine Guest File System stats / H:\ Guest File System Usage (%) Static H Drive space usage at Critical level Critical is greather than or equal to 95
vCenter Adapter / Virtual Machine Guest File System stats / S:\ Guest File System Usage (%) Static S Drive space usage at Info level (SWAP) Info is greather than or equal to 100

From this symptoms we can create new Alert.

Create new Alert

Name Base Object Type Impact Criticality Alert Type and Subtype Wait Cycle Cancel Cycle
SAP LFP Apps virtual machine guest file systems are running out of disk space vCenter Adapter/Virtual Machine Health Symptom Based Virtualization/Hypervisor: Capacity 1 1

If you did everything right, you will see similar things as picture below.

SWAP_Alert_vRealize_Operation_002

Create new Custom Group

Ok, now you can create a new Custom group under Environement / Environment overview menu. Hit the green cross on top of the menu, and configure membership criteria. Part of Policy leave empty for now. In this eximpe I add exact VMs to this group. The name of the new group: “Disable SWAP drive alert”

SWAP_Alert_vRealize_Operation_005

Create new Policy

Go Administration / Policies / Policy Library and add new one. In the “6. Alert / Symptom Definitions” menu disable “One or more virtual machine guest file systems are running out of disk space” default alert, and Enable the newly created alert, in this case “SAP LFP Apps virtual machine guest file systems are running out of disk space”

SWAP_Alert_vRealize_Operation_006

In “8. Apply Policy to Groups” part select the custom group wich was created before, and click OK.

SWAP_Alert_vRealize_Operation_007

If you have any question pls. leave comment.

vRealize Operation 6.6 “hidden” enhancement

kisstib0r VMware ,

You can find lots of infomration about VMware vRealize Operation 6.6 or 6.6.1 release. You should have to read about new H5 User Interface, new DRS capability and new Dashbords.

But do not forget the small things. I really like (and nowhere find information about this enhancement) the full screen option especially on Policy window.

vRealize_hidden_enhancement_001

I use 24″ display even so when I had to modify something in the Policy, I can’t resize the window and it was annoying. In policy window we can manage batch of options like major badge treasholds, alerts, collected metric and so on. So you can jump here really offten, if you want to chenge anything in vROps you can do it here. I really missed something like feature, but looks like not only me 🙂

I discovered this option on Symtomps Definition window and Dashboard widget windows too.

vRealize_hidden_enhancement_002

vRealize_hidden_enhancement_003

Change vROps “Datastore is running out of disk space” precent centric alert

kisstib0r VMware ,

Datastores is an importent objects in every VMware environtment. Especially free space of Datastore. So I think we need collect information about free space and we want to get alert message when the free space is low or it is getting low on DS.

Fortunetly VMware vROps has a built-in alert message about this topic. Name of this alert is “Datastore is running out of disk space” wich alert send to Us e-mail when “Datastore space usage reaching “ALERT LEVEL” limit” (85/90/95%) and “Datastore space time remaining is low” symptom definitions meet the values.

VMware_vROps_Symptoms_Alert_002
Default Alert settings of Datastore is running out of disk space

As you remember in vROps Alerts is working different way as other monitoring tools (as I know, like Nagios).

vROps collect metrics from environment, in this case from Datastore through vCenter Server. We can create Symptome Definitions (Alert / Alert Settings / Symptom Definitions/Add (green cross)) from Metrics or Properties.

VMware vROps Symptoms

Alerts consists of symptoms. If symptoms reaching the level wich was seted up and match all conditions (Any / All logical separation) we have got Alert from vROps.

More informations about vROps Alerts:
https://docs.vmware.com/en/vRealize-Operations-Manager/6.6/com.vmware.vcom.core.doc/GUID-06380281-4B99-4E4B-9D4E-574E5D0A9194.html

 

Jump back to subject of this blog article. My problem was with default DS alert that we should have leave huge free spaces on big datastores becouse of this symptoms is watching free space in precent. Eg. I got alert from 8TB datastore despite of I had 700GB free space on this DS.

I created new symptom definitions:

Base Object Type: vCenter Adapter / Datastore
Metrics: Capacity / Available Space (GB)
Threshold: Static

Name Level Condition Value
Datastore Available Space reaching Warning limit Warning is less than or equel to 150
Datastore Available Space reaching Immediate limit Immediate is less than or equel to 100
Datastore Available Space reaching Critical limit Critical is less than or equel to 50

VMware vROps Symptoms

After I added this tree symptoms to “Datastore is running out of disk space” alert as new Self-Datastore objects by “Any” condition.

VMware_vROps_Symptoms_Alert_003

This alert mean: The DataStore free space is lower than 85% or 90% or 95% and 150GB or 100GB ot 50GB and Disk space time remaining <= 60 days we are going to get an Alert message from vROps.

If you have any qestion pls. leave a comment!