Stream Horizon View logs to VMware vRealize Log Insight

With the introduction of Syslog Support, management and troubleshooting of VMware Horizon View 6.x is much more versatile and offers best in class log management by integrating with syslog server such as VMware vRealize Log Insight. By Enabling operational intelligence and visibility in dynamic hybrid cloud environments, vRealize Log Insight is designed to deliver log management through aggregation, analytic and search. Especially by leveraging VMware’s own solution, it is much more powerful yet simpler to deploy and start Log Management with intuitive UI based interactions that get you started immediately without the need to learn a new query language.

If you have an existing VMware Horizon View instance, it is very easy to have it integrated with a syslog server such as Log Insight. To setup a Log Insight Server, deploy the appliance VM (Latest version Log Insight 2.5, was used for this blog) and perform initial configuration. Detailed documentations are available here. For convenience, I’m including a brief explanation in this blog post on how to setup the Log Insight server.

Figure 1. Log Insight 2.5 Deployment Wizard

vRealize Log Insight is available in an Open Virtual Format (OVF) File. From the vCenter Console, browse the market place or navigate to the “Deploy OVF Template” option and point to the appliance file. Accept the license agreement and provide networking and login information. You will have an option to choose the level of scale, which will fine tune the resource settings of the appliance virtual machine appropriately.

One you have Log Insight Server deployed and customized, the VM console will display the access information (Figure 2) for the web based management.

Log Insight Server Console
Figure 2. Log Insight Server Console

Login to the specified URL through a web browser and perform initial configuration. You can start a new deployment or join to an existing deployment. Proceed further with configurations like credentials management, Time Zone Configuration etc. and click “finish” to complete the configuration.

Now you have the Log Insight server ready for post install configuration and management. All remaining administration and management options are included in the web based console and dashboard. The primary post install task is to add a desired content pack. (In this case, content pack for Horizon View)

Adding The Content Pack

The Content Pack for VMware Horizon View is available on the official Cloud Management Marketplace website. You can either download this content pack and import it manually.  To do this, open the Log Insight web console, at right top corner, next to “Admin” settings, drop down the menu and select ‘Content Packs’. Next, navigate to the left bottom of the page, and click on “import content pack”, browse and select the downloaded content pack file.

Alternatively and more conveniently, Log Insight 2.5 has the facility to browse the market place and choose & install the content pack directly. For this go the Content Pack Market place from the left panel inventory and browse various content packs.

Content pack MP

View CPNow look for the content pack named “VMware – Horizon View” and click on the  install button to add the content pack directly. I have used the the latest version (2.0.3) which supports Horizon View 6.x. Once the content pack has been added, the server will be ready to display the logs those are streamed from a Horizon View Server or View Agents (Virtual Desktops).  You can also add additional content packs for other products and solutions; or leverage the default content packs available with the Server.  Each content pack will create its own dashboard menu to present the streaming contents.

Configuring Horizon View logs to Log Insight

For View server logs to be sent to a Syslog server such as VMware vCenter Log Insight, one Group Policy Object settings has to be enabled from active directory. Logs are sent from all View Server and Desktop components in the OU or domain in which this GPO is configured. You can send View Agent logs to a Syslog server by enabling this setting in a GPO that is linked to an OU that contains your desktops.

Adding Group Policy for Active Directory OU

These GPO settings are Horizon View specific and need to be added exclusively to the active directory through GPO templates. Such GPO template comes as part of  View ADM files in a View GPO bundle file (VMware-Horizon-View-Extras-Bundle-x.x.x-yyyyyyy.zip) and available on the VMware Horizon View Download Page. Download this ADM file to the Active Directory and configure the policy. Detailed steps are given below.

Step 1. Create an OU (for View Servers and/or View Desktops)

To apply group policies to View Components without affecting other Windows computers in the same Active Directory domain, create an OU specifically for your View Server and View Desktops. (This can be single OU, but it is a good practice to keep them separate so that you can have OU level isolation for server and desktop components)

  • On your Active Directory server, select Start > All Programs > Administrative Tools > Active Directory Users and Computers.
  • Right-click the domain that contains your View desktops and select New > Organizational Unit.
  • Type a name for the OU and click OK. — The new OU appears in the left pane.

To add existing View Servers and View Desktops to the new OU:

  • Click Computers in the left pane — All the computer objects in the domain appear in the right pane.
  • Right-click the name of the computer object that represents the View Server (or View Desktop)  in the right panel and select Move.
  • Select the OU and click OK. — The View Server (or View Desktops) appears in the right pane when you select the specific OU

Step 2. Create GPOs for View Group Policies

Create GPOs to contain group policies for View components and link them to the OU for your View Servers and View Desktops.

  • On your Active Directory server, select Start > All Programs > Administrative Tools > Active Directory Users and Computers.
  • Right-click the OU that contains your View Components and select Properties.
  • On the Group Policy tab, click Open to open the Group Policy Management plug-in.CreateGPO
  • Right-click the OU and select ‘Create and Link a GPO here…’
  • Type a name for the GPO and click OK. The new GPO appears under the OU in the left pane.

Optional: To apply the GPO only to specific View Component in the OU,  Select the GPO in the left pane. and select Security Filtering > Add. Now type the computer names of the View Component and click OK. The View Components appear in the Security Filtering pane — The settings in the GPO apply only to these View desktops.

Step 3. Add View ADM Templates to a GPO

To apply View component group policy settings to your View servers and desktops, add their ADM template files to GPOs.

  • Copy the View component ADM Template files from the install_directory\VMware\VMware View\Server\extras\GroupPolicyFiles directory on your View Connection Server host to your Active Directory server.
  • On your Active Directory server, select Start > All Programs > Administrative Tools > Active Directory Users and Computers.
  • Right-click the OU that contains your View servers and/or desktops and select Properties.
  • On the Group Policy tab, click Open to open the Group Policy Management plug-in.Edit GPO
  • In the right pane, right-click the GPO that you created for the group policy settings and select Edit. (The Group Policy Object Editor window appears.)
  • In the Group Policy Object Editor, right-click Administrative Templates under Computer Configuration and then select Add/Remove Templates.
  • Click Add, browse to the ADM Template file, and click Open. Click Close to apply the policy settings in the ADM Template file to the GPO. — The name of the added template appears in the left pane under Administrative Templates.

Configure the group policy settings.

Now navigate to the newly added template folder; Administrative Templates > VMware Common Configuration > Log Configuration. Policy

On the right side, select the policy ‘Send logs to a Syslog Server’ , Right click and ‘Edit’. A Policy Configuration window appears.

To send log data to a syslog server, enable this setting and specify the log level and the server’s fully qualified domain name (FQDN) or IP address. You can specify an alternate port number if you do not want to use default port 514. Separate each element in your specification with a vertical bar (|). Use the following syntax:

Log Level|Server FQDN or IP [|Port number(514 default)]

Log Level (required) = Trace|Debug|Info|Warn|Error
Server FQDN or IP (theoretically optional), default = localhost
Port number(optional), default = 514

Important: Syslog data is sent across the network without software-based encryption. Because Horizon View Server logs might contain sensitive data, avoid sending Syslog data on an insecure network. If possible, use link-layer security such as IPsec to prevent the possibility of this data being monitored on the network.

Log Insight Pie Chart of VMware ViewTo apply the new Group Poilcy settings without downtime,  run “gpupdate /force” command on the View Servers’ command line console (or as a start – ‘run’ command). The new policy settings will be applied in few minutes, and logs will be start streaming to the interactive analytics of the Log Insight web management page, and to the Dashboard. The Dashboard will display component wise logs and statistics based on the event / filter category.

Interactive Analysis
Sample ‘Interactive Analytics’ graph for One View Server and Agent

To ensure, logs from newly provisioned desktops are streamed; while provisioning the desktops, choose the appropriate Active Directory OU for computer objects which has the Syslog policy applied as explained in the above sections.

The Improved Dashboard for Horizon View

DashBoard
Dashboard Menu Items (Horizon View Content Pack 2.0.3)

The Dashboard provided through the Content Pack version 2.0.3, is much more improved. The ‘Systems’ menu  displays analytics for ‘Shows CPU Usage in percent of allocation’, Memory Use, Health Updates, Tracker Message Types, Broker Sessions, Failed Host Connections, and Tracker Message Queue Delay. The ‘Cluster’ menu includes ‘Cluster controller Last Seen (Milliseconds)’, and Cluster Node Up & Down analytics. Under the ‘Authentication’ menu; Average LDAP search Time (Milliseconds), Authentication failures, Single Sign-On Authentication status, and Domain Status are displayed.

Active User count, Terminal Status Codes over time, Active Users, Active Agent Versions, and Active Virtual desktop operating Systems are available under ‘Users’ menu.

Moreover, wide-variety of detailed analytics are available for Desktop Sessions, Security gateway, PCoIP Network and Quality. Also a dedicated menu to analyse “error” logs and events.

Permalink to this article

Advertisements

2 thoughts on “Stream Horizon View logs to VMware vRealize Log Insight

  1. Doug Storms March 4, 2015 / 9:50 pm

    Good article on a useful tool, I am using LogInsight 2.5 with the Horizon View pack, but cannot populate the User section- Any Idea’s?

    Like

    • kgsivan March 4, 2015 / 10:34 pm

      Thanks… Latest Content pack (2.0.3) has Desktop Sessions statistics. Should be streamed if both Server and Desktops logs are configured for log Insight streaming (that means both should be deployed to an OU where GPO is applied). You may also try sample sessions of PCoIP and RDP. If you still face issues, I would suggest you to start a discussion at http://loginsight.vmware.com/

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s