The July release of vRealize Log Insight Cloud added support for Oracle Cloud VMware Solution (OCVS) log sources. In this blog, I describe the procedure to forward logs from an OCVS SDDC.
What is Oracle Cloud VMware Solution (OCVS)?
Oracle Cloud VMware Solution allows you to create and manage VMware-enabled software-defined data centers (SDDCs) in Oracle Cloud Infrastructure. All provisioned private clouds have vCenter Server, vSAN, vSphere, and NSX-T. For more details, you can refer to the official documentation.
Logs from OCVS are now available in vRealize Log Insight Cloud. This enables the following use cases for customers:
Audit Use Cases
- vCenter and ESXi Hosts Audit Logs for security compliance
- Virtual Machine Logs for vMotion tracking
Diagnostic Use Cases
- NSX-T firewall packet logs to troubleshoot firewall misconfigurations during migration, new workload rollouts, and day 2 operations.
- Filtering and forwarding logs to a centralized data lake or SIEM solution for threat prevention, threat detection, incident management, and machine learning.
- A resolvable hostname for the Cloud Proxy. For more details, you can refer to the documentation.
  - It should be resolvable from vCenter and ESXi hosts in the OCVS SDDC.
  - In our environment, we have it in the same VCN domain name as the SDDC.
- Cloud Proxy VM is deployed within OCVS SDDC. It would require outbound access over HTTPS through the firewall to the following URLs. For more details, you can refer to the documentation.
We will perform the following 2 Syslog configurations to forward logs to vRealize Log Insight Cloud:
- Integrate vSphere with vRealize Log Insight Cloud
- Create a Node Profile with NSX-T
Integrate vSphere with vRealize Log Insight Cloud
Follow these steps to integrate vRealize Log Insight Cloud with vSphere to forward logs from vCenter and ESXi hosts. For the detailed procedure, you can refer to the documentation.
Navigate to ‘Configuration -> vSphere Integration’ in vRealize Log Insight Cloud and click Add vCenter Server.
Enter the required details in the dialog box, select the Cloud Proxy that is deployed in the Deploy a Cloud Proxy for vRealize Log Insight Cloud section, and click the required logs checkbox.
Click Test Connection and Save.
Create a Node Profile with NSX-T
Follow these steps to configure a node profile with NSX-T to forward logs from NSX-T components such as Manager and Controllers. For the detailed procedure, you can refer to the documentation.
Log in to NSX Manager and navigate to ‘System -> Fabric -> Profiles -> Node Profiles -> All NSX Nodes’ in the Name column. In the Syslog Servers section, click Add to add a Syslog server.
Enter the Syslog configuration.
Click Add to save the configuration. Once saved, the logs will start flowing into vRealize Log Insight Cloud.
If everything is successful, you can search for logs using any of the following filters:
source contains <ip_of_vcenter>
source contains <ip_of_esxi_hosts>
source contains <ip_of_nsx_appliances>
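The filters above confirm one source at a time. The following added example (not from the original post or from VMware) checks all expected sources at once: it flags vCenter, ESXi, or NSX-T addresses that are missing or have gone quiet, plus senders that are not in the inventory. The IP addresses, the event tuple layout, and the 15-minute threshold are assumptions; the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed inventory: placeholder addresses for the three source types in the post.
EXPECTED = {
    "10.0.0.10": "vcenter",
    "10.0.0.21": "esxi",
    "10.0.0.22": "esxi",
    "10.0.0.31": "nsx",
}

# Constructed sample events as (timestamp, source, text). The tuple layout is an
# assumption standing in for whatever export of query results you use.
EVENTS = [
    ("2024-01-01T10:00:05+00:00", "10.0.0.10", "constructed vCenter audit line"),
    ("2024-01-01T10:01:10+00:00", "10.0.0.21", "constructed ESXi audit line"),
    ("2024-01-01T08:30:00+00:00", "10.0.0.22", "constructed vMotion line"),
    ("2024-01-01T10:02:00+00:00", "10.0.0.99", "constructed line from unknown host"),
]

# Constructed "current time" so the example gives the same result on every run.
NOW = datetime.fromisoformat("2024-01-01T10:05:00+00:00")


def audit_sources(events, expected, now, max_age=timedelta(minutes=15)):
    """Classify each expected source as ok, stale or missing, and list
    sources that sent events but are not in the inventory."""
    last_seen = {}
    for ts, source, _text in events:
        seen = datetime.fromisoformat(ts)
        # Exact match on the source field, keeping the newest event per source.
        if source not in last_seen or seen > last_seen[source]:
            last_seen[source] = seen
    status = {}
    for ip in expected:
        if ip not in last_seen:
            status[ip] = "missing"   # forwarding never worked for this source
        elif now - last_seen[ip] > max_age:
            status[ip] = "stale"     # forwarding worked once, then stopped
        else:
            status[ip] = "ok"
    unexpected = sorted(set(last_seen) - set(expected))
    return status, unexpected


if __name__ == "__main__":
    status, unexpected = audit_sources(EVENTS, EXPECTED, NOW)
    for ip, state in status.items():
        print(f"{EXPECTED[ip]:8} {ip:12} {state}")
    print("not in inventory:", unexpected)
```

A source reported as stale or missing is a gap in audit coverage, so it is worth alerting on rather than checking only once after setup.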