Logging is a critical component of managing modern IT infrastructure, a reality that VMware realizes and is now enabling with its new vCenter Log Insight solution.
Martin Klaus, Group Manager, Product Marketing at VMware, explained to ServerWatch that vCenter Log Insight has long been the cornerstone for virtualization operations, and now the platform is being extended for the log analytics domain as well.
"Log files are the lingua franca of IT," Klaus said. "When there are any problems and you need to investigate, you need to analyze your log files."
Klaus noted that currently log analytics represents a big challenge for VMware customers. An average vSphere host could generate as much as 250 MB of log files per day. Without tools to properly correlate and aggregate that data, making sense of log files is a very time-consuming task.
The vCenter Log Insight solution is integrated with VMware vSphere and can enable users to start monitoring logs to identify any change in behaviors or potential performance bottlenecks and issues.
The vCenter Log Insight solution stores the unstructured log data in a compressed format. The search analytics are served by proprietary indexes and other data structures that were purpose built to make unstructured data analytics fast.
While monitoring the core VMware vSphere virtualization server environment is at the foundation of the vCenter Log Insight solution, it can also be used to monitor applications that run in the virtualized environment. Log files from multiple diverse applications are typically not generated in the same format, and as such there is a need to somehow transform and make sense of disparate log formats.
Klaus explained that VMware is using an adaptive parsing approach to automatically inject log file data in a format that can be understood. The adaptive parsing is specifically enabled via content packs that VMware is building together with third-party vendors to enable the log data from various software applications.
One of the common use cases for log data in modern IT operations is as part of a SIEM (Security Information and Event Management) solution. The basic idea behind a SIEM is that when all logs are collected, anomalous behaviors can be identified that can potentially be linked to security risk.
Klaus noted, though, that SIEM functionality is not within the product scope of the first version of vCenter Log Insight, as the primary focus with this release is IT operations. That said, he suggested SIEM is well within the realm of reason for a future capability that the platform could add at some point.
The vCenter Log Insight solution is now available as a public beta release, with general availability currently scheduled for the third quarter of this year.
Sean Michael Kerner is a senior editor at ServerWatch and InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.