Install SexiLog VMware Logs Analysis

SexiLog is a specific ELK virtual appliance designed for vSphere environments. It’s pre-configured and heavily tuned for VMware ESXi logs. Once it is connected to your network, set SexiLog as the remote syslog host and relax. The official website for this awesome appliance is available at http://www.sexilog.fr.

SexiLog is based on the ELK stack (Elasticsearch, Logstash and Kibana) as well as other open-source tools (Node.js, etc.).

SexiLog offers many features, such as:

  • Ready To Log: Just deploy the lightweight VMware OVA appliance on your favorite hypervisor, redirect your ESXi syslog and snmp traps to SexiLog and start searching.
  • Free: SexiLog is just a bundle of awesome free tools with a bit of our knowledge and experience. It’s free and will remain free.
  • Build Your Own SexiLog: You can build your own appliance and add any SexiLog configuration files.
  • Predefined dashboards: SexiLog provides many built-in dashboards to get real-time logs from your ESXi hosts and vCenter, but also from other products which can use Syslog, SNMP traps or Windows event logs. Almost 20 predefined dashboards (a.k.a. SexiBoards) are available out of the box, but you can create as many as you need.

If you want to try the product before deploying it, you can access a demo here: demo.sexilog.fr

Install SexiLog

SexiLog is really easy to use and to deploy: after the OVA deployment, you only have to configure a static IP (if you don’t have a DHCP) and redirect your ESXi logs.

First of all, you need to download the OVA file from this link. This appliance is sized for 1500 msg/s (~20 ESXi hosts). If you need something bigger, you can increase vCPU, vRAM and vmdk size, but you may also need to tune ES_HEAP_SIZE, LS_HEAP_SIZE and the Logstash filterworkers flag.

You can find all release notes on our GitHub Milestones page: https://github.com/sexilog/sexilog/milestones?state=closed.

The second step is to deploy the SexiLog appliance on a VMware vSphere™ environment.

SexiLog is pre-configured in DHCP mode but it’s possible to switch to static mode.

After starting the VM, you need to log in and modify your network settings (if you don’t want to keep the default DHCP settings). The default root password is Sex!Log.

To change the network configuration, choose option 5, Network Settings.

After changing the network configuration, you will be asked to reboot the virtual machine.

Now choose option 7 to configure Riemann service for e-mail alerting.

After finishing the deployment of SexiLog, you need to make your VMware ESXi hosts send their logs to the SexiLog appliance: add udp://your_appliance_fqdn_or_ipv4:514 to the advanced option Syslog.global.logHost.
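
The same setting can be applied from the ESXi shell with esxcli. This is an added example, not part of the original page or the SexiLog project: the function names are hypothetical, the appliance address is whatever you pass as the first argument, and enabling the outbound syslog firewall ruleset is an extra step assumed here that the page does not list.

```shell
#!/bin/sh
# Added example: point an ESXi host's remote syslog at a SexiLog appliance.
# Intended for the ESXi shell (SSH). Where esxcli is not installed, the
# commands are only printed (dry run), so the script can be reviewed safely.

# Build the Syslog.global.logHost value used on this page: udp://<host>:514.
# Only hostname/IPv4 characters are accepted, so a typo or stray whitespace
# is rejected instead of being written into the host configuration.
build_loghost() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|-*|*.) return 1 ;;
    esac
    printf 'udp://%s:514\n' "$1"
}

# Run a command on ESXi, or print it when esxcli is not available.
run() {
    if command -v esxcli >/dev/null 2>&1; then "$@"; else echo "DRY-RUN: $*"; fi
}

configure_syslog() {
    loghost=$(build_loghost "$1") || {
        echo "invalid appliance address: $1" >&2
        return 1
    }
    # Same setting as the advanced option Syslog.global.logHost.
    run esxcli system syslog config set --loghost="$loghost"
    run esxcli system syslog reload
    # Assumption (not on the page): allow outbound syslog in the ESXi firewall.
    run esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
    run esxcli network firewall refresh
    # Read the configuration back to confirm the remote host was stored.
    run esxcli system syslog config get
}

# Usage: sh set-loghost.sh your_appliance_fqdn_or_ipv4
if [ "$#" -ge 1 ]; then configure_syslog "$1"; fi
```

UDP syslog has no delivery confirmation, so after running this, check in Kibana that events from the host are arriving.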

Now that you have finished the configuration steps, the SexiLog web interface (i.e. Kibana) is listening on TCP port 80, so you can reach it at http://your_appliance_fqdn_or_ipv4/.

The default root password is Sex!Log. The default keyboard layout is Qwerty US.

That’s all. For more information you can visit sexilog.fr!