New Log File Analysis tools bring VMware's touted software-defined data center vision closer to reality; Cisco, EMC, other partners provide packs to translate product logs.
VMware Vs. Microsoft: 8 Cloud Battle Lines
(click image for larger view and for slideshow)
VMware's touted software-defined data center has taken a baby step closer to reality. At an early stage of development, its log file analysis system, vCenter Log Insight, is getting a helping hand from its older and wiser partners.
The software-defined data center will never arrive unless the activity of one machine is decipherable to another. In fact, servers collect reams of information on their own operations and store them in log files, but such information has traditionally been hard to access and understand. VMware wants to apply an analytics engine to the data and make it useful in making decisions governing the rest of the virtualized environment.
Cisco, NetApp, EMC, HyTrust, NetFlow Logic, Puppet Labs and VCE (VMware, EMC and Cisco subsidiary Virtual Computing Environment) have all produced specific content packs for Log Insight to make the data collected in their products' server log files more intelligible to Log Insight. The latter's analysis engine is capable of digesting large amounts of real-time data accumulated in the log files. But without specific knowledge of the terms and event patterns that are meaningful to each vendor's server log, that analysis can't yield much useful information.
When vCenter Log Insight first became generally available in July, Sanjay Mehta, VP of the competing commercially supported Splunk log file analysis product, told InformationWeek: "Data is only as good as the value that can be derived from it. Splunk allows many users within an enterprise to extract tremendous business value from their machine data." Splunk, with its head start on VMware's product, could provide analysis on specific server systems, such as Hadoop, he said.
Another competitor, Sumo Logic CEO Vance Loiselle, at that time called the VMware offering "very limited" and said its search capability would prove limited. "For search to be effective, you need to know what you're searching for," he said in an interview.
The content packs from EMC, NetApp, Cisco and other partners allow VMware to play catch up. The partners can provide the server-specific semantics and pattern information that makes their log files more meaningful.
VMware's Jon Herlocker described the new capabilities in a post on VMware's office of the CTO blog. (The CTO post is currently vacant after the resignation of Steve Herrod; Herlocker is the former CTO of Mozy, a VMware acquisition, and former CTO of EMC's Cloud Services unit.)
"We understand not everybody has the time to explore their data, apply structure and the like," he wrote Aug. 15. When users of Log Insight load it with a vendor's content pack, "you immediately get a collection of dashboards, saved queries, alerts and field definitions" pertinent to that vendor's server, he added.
EMC, for example, has produced a content pack for its Symmetrix VMAX storage array. Its log file captures "a broad range of informative events," including I/O threshold violations, configuration changes, component failures and "snap-management" events, Herlocker wrote. The content pack translates such events into charts and symbols on an easily read dashboard.
Correlating such events to what was going on in vSphere virtualization hosts used to require manual inspection of both products' log files, attempting to match up an irregular event in the one with what was going on in the other. With the content pack, "you can now monitor logs from your VMAX arrays, correlate the VMAX logs with all your other logs in Log Insight and leverage your metrics within VMware vCenter Operations," Herlocker wrote. VCenter Operations is VMware's systems management product for virtualized resources.
If VMware's vSphere monitor shows a slowdown in operations, with high latencies for certain virtual machines, that information can be correlated with what's going on in the storage array, he explained.
VMware Log Insight costs $200 for each operating system monitored, but the vendor-specific content packs are free.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.