Last night VMware dropped several new releases, here they are! Aria Operations 8.14 and Aria Operations SaaS (October 2023) What's New Blog 8.14 Release Notes SaaS October 2023 Release Notes Aria Operations for Logs 8.14 and Aria Operations for Logs SaaS (October 2023) What's New Blog Release Notes Aria Automation 8.14 and Aria Automation SaaS (October 2023) What's New Blog Release Notes Aria Suite Lifecycle 8.14 What's New Blog Release Notes First, let's upgrade Ari

VMware Aria Operations for Logs SaaS has been activated, you've deployed an on-prem Cloud Proxy and are now collecting data. As per the...

There are 80+ Aria Operations for Logs Content Packs available on the Marketplace and they are all free! This blog will discuss the...

VMware Aria Operations for Logs has been deployed, you've configured your vSphere integration/s, mine look like this. The checkbox for...

You have logs coming into VMware Aria Operations for Logs SaaS, maybe too many logs, how to filter what you need? Log Processing Rules!...

VMs reboot all the time and while most often you won't care, there are times you want to be notified. How can we use VMware Aria...

VMware Aria Operations for Logs (formerly vRealize Log Insight or vRLI) is a powerful logging platform. It can ingest logs from vCenter, ESXi Hosts, Syslog Sources, and more. But what if I want certain users to see only certain logs? Say for example, I want to give a user access to see only logs for certain VMs? We'll use Data Sets , let's explore! You've deployed VMware Aria Operations for Logs and are sending logs from vCenter, ESXi Hosts, and more. You're seeing all l

VMware Aria Operations for Logs (formerly vRealize Log Insight) is up and running and I've been logging in directly with the local admin...

In our previous post we detailed how to send VMware Aria Operations (formerly vRealize Operations) Alerts to Slack . This blog will detail how to send VMware Aria Operations for Logs (formerly vRealize Log Insight) Alerts to Slack. We can use the same Slack Webhook URL we set up previously, so this should be a bit easier. Log into Aria Operations for Logs and go to Alerts - Webhook - NEW WEBHOOK. I've given my new Webhook a name, selected Slack from the Endpoint dropdown (t

VMware Aria Operations SaaS and VMware Aria Operations for Logs SaaS Services have been activated, you've deployed Cloud Proxies (CP) for...

vROps has been deployed, vRLI is up and running, let's integrate them! In vROps, to integrate with vRLI, you activate the vRLI...

Today we can send vRLI Alerts to vROps, we can generate emails on them, and there are out of the box Webhooks for Slack, Pager Duty, and vRO. What about Microsoft Teams? Well, we can create a custom Webhook for it, so what does that look like. Let's first generate a TEAMs URL to which we will point our Webhook. Go to Teams, select your Team, then go to the three dots top right. Select Connectors. Click Add and then Add which will add the Incoming Webhook to the Channel. W

VMware vRealize Log Insight Cloud (vRLI Cloud) was introduced back in 2020. Since then VMware has released new versions on a roughly...

VMware vRealize Log Insight (vRLI) 8.1 introduced Index Partitions with customizable retention periods, giving us the ability to put logs in certain partitions and keep them as long as we'd like. vRLI 8.4 gave us the ability to archive individual Index Partitions via NFS, which looks like this. vRLI 8.8 brings us the ability to query Index Partitions! Before digging into this new feature, let's take a step back and look at the larger picture. Index Partitions are general

VMware vRealize Log Insight (vRLI) is a powerful logging tool with all sorts of capabilities, one of them being the ability to extract fields from log entries. Out of the box, each vRLI log entry will contain certain fields like source, event_type, file path, hostname, and more. They are documented here. Beyond those, there are Extracted Fields, which are user defined or Content Pack defined fields extracted from log entries. For example, the VMware vSphere Content Pack c

vRLI is up and running, you're getting vCenter Alarms, Events, and Tasks, ESXi Host Logs, but you want more! Specifically, you want your Oracle Database logs. There is a Content Pack available in the Marketplace, but there is some work required and a necessary adjustment to the included Event Marker (REGEX). Let's start by asking the DBA to turn on Oracle Listener logging and Oracle Alert logging. We'll need the path to and the names of these logs, as they are what we will

vRLI is up and running, you're collecting vCenter events, tasks and alarms, as well as ESXi Host logs. In addition, vRLI is receiving logs from F5 BIG-IP, Citrix NetScaler, NetApp FAS, and more. Let's use it to capture Certificates that have expired and Certificates that will be expiring. A quick look at my environment shows the following entries, in this case coming from F5 BIG-IP. Remember that the vRLI query language uses the logical "and" operator for phrases, in this c

I'd like to start bringing Cisco UCS logs into my vRLI environment, here's how I did it. Go to Content Packs - Marketplace and look for Cisco UCS. There are dozens of other Content Packs available here as well. As a note, I'm using vROps 8.6.2, UCSM 4.1(1b), and the 2.0 Version of the Cisco UCS Content Pack in this blog. Select it and click INSTALL. Once installed, you'll be given instructions on how to enable log forwarding via UCS Manager. Clicking the link takes you to

We've deployed vRLI, configured our vCenters and ESXi Hosts to send logs to it and now we want to use it to find VMs that have crashed. Let's do it! Go to Interactive Analytics and search for "guest operating system has crashed". I've found five log entries with this string since I started collecting data (notice the All time dropdown top right). As you hover over the Source you'll see the log source. You can also colorize by source by clicking the source link, which is qu

If you're using any of the vRealize Suite Cloud offerings, you are running Cloud Proxies (CP) in your Private Cloud. These sit in your on-prem Datacenter and act as the gateway from the Cloud into your environment. Each of the vRealize Suite Cloud offerings (vROps, vRLI, vRA, and vRNI) has its own CP (or Collector VM in the case of vRNI), we will focus on the vRLI CP here, but let's take a step back and consider all of them first. A standard deployment might look something

You've designed and deployed your vRLI Cluster, you've configured it to collect logs from your vCenters and ESXi Hosts, but you want more. Specifically, you want to collect logs from your Linux VMs. Well, we can do that with the vRLI Linux Agent. In a previous blog , we discussed the vRLI Windows Agent and how to use that to collect Windows Events. This blog will be the Linux analog to that one. Before getting into the details, let's take a look from above. Your vRLI Clus

Beyond vROps, vRLI, and vRA, the vRealize Suite comes packaged with the vRealize Suite Lifecycle Manager (vRSLCM). It's the vRealize...

Yesterday was a big day! We released new versions of every product in our vRealize Suite: vROps, vRLI, vRA, vRNI, and vRSLCM. Here are...

I'd like to know which Windows Servers in my environment have seen EventID 4740 in their Security Log, indicating a user account has been...