Log Insight Alerting (with vROPs)

One of the nice things you can do with vRLI and vROPs is to pass information and events between the two, using data in one to trigger an action in the other.

For example, lets assume that we have detected an undesirable situation with one of our ESXi hosts that shows up as specific log messages in vRLI.  We’ve defined a filter in one of my previous posts to locate the event we are concerned with (in this example it’s a DVFilter error message for a vDS).  As we might want to know if this issue occurs with other hosts the hostname filter has been removed.

Screen Shot 2018-08-28 at 15.53.25

Our next step is to define an alert for when this event is detected by vRLI.  We can do this using the “Create Alert from Query” option.

Screen Shot 2018-08-28 at 15.51.31

Any description and recommendation information we had here will be passed through to the alert in vROPs.  The failback object is only used to register the alert against inside vROPs if the actual object cannot be found within vROPs.

Screen Shot 2018-08-28 at 15.57.10

The alert configuration is committed once saved.  It can be seen by navigating to the “Manage Alerts” menu as shown below.

Screen Shot 2018-08-28 at 16.24.08

Screen Shot 2018-08-28 at 16.24.47

If an alert is triggered in vRLI then it can either be seen by going to the “All Alerts” section or by navigating to the object concerned and looking at the alerts tab.  In these examples our DVFilter Error alert has been detected on our ESXi host.

Screen Shot 2018-08-28 at 16.42.50

Screen Shot 2018-08-28 at 16.43.57

The alert contains all of the details from vRLI.

Screen Shot 2018-08-28 at 16.46.30