ESXi Servers & vSphere
LogicMonitor uses the VMware API to provide comprehensive monitoring of VMware vCenter or standalone ESXi hosts. In this support article, we outline how to set up ESXi host and/or vCenter server monitoring.
- Creating a read-only user for an ESXi host or vCenter server
- Configuring VMware Credentials in LogicMonitor
- vSphere Tag Integration
- New VMware LogicModules
- Modifying the API Port or URI
- Troubleshooting Access
- Removing VMware monitoring
Creating a Read-only User for an ESXi Host or vCenter Server
As highlighted in the next two sections, the process of creating a user varies depending upon whether you intend to monitor standalone ESXi hosts or a vCenter server.
- Creating a user for an ESXi Host
- Creating a user for a vCenter server
Creating a User for an ESXi Host
The following set of steps walk you through the process of creating a read-only user for an ESXi host that has rights to use the VMware API.
- Using the vSphere Client, log in to the ESXi host that you would like to add to LogicMonitor as a host.
- From the Users tab, create a userid for the LogicMonitor collector by right-clicking anywhere in the users table and clicking Add.
- From the Permissions tab, add a new permission by right-clicking and clicking Add Permission.
- In the Users section, click Add, and then select the LogicMonitor userid for this permission. Click Add, then OK.
- Select the LogicMonitor user you added. In the Assigned Role section, select the "Read-only" role from the drop-down menu. Ensure that the Propagate to Child Objects option is checked and click OK.
- You must repeat this process on each individual ESXi host you want to add to LogicMonitor for monitoring. The credentials for ESXi users that have been added at the vCenter level will not be inherited down to clustered hosts. For more information on how this is configured, please see VMware's vSphere documentation.
Note: Your credentials for ESXi hosts will be in the format of username/password (e.g. logicmonitor/pass123).
If vCenter is integrated with Active Directory (AD), you will find a group in vCenter that has a corresponding group in AD. Simply create a user with read-only permissions for your vCenter environment in AD and add it to the corresponding AD group. Your credentials for vCenter will be in the format of username@domain (e.g. email@example.com) with its password.
If vCenter is not integrated with AD, you will create a new read-only using a process similar to that for creating an ESXi host user (described in the previous set of steps). However, it's important to note that a key difference between ESXi host and vCenter is that vCenter credentials are formatted as firstname.lastname@example.org (e.g. email@example.com) with password.
For LogicMonitor to provide ESXi hardware monitoring, you need to add the individual ESXi hosts to LogicMonitor - hardware status is not available by monitoring only vCenter.
No further configuration is needed to activate hardware monitoring - if you do not see hardware monitoring within LogicMonitor, check that hardware status is available from the Virtual Infrastructure client. If not, then either:
- Your hardware is not supported by ESXi for hardware monitoring. You may be able to obtain a hardware specific bundle either from VMware or your hardware vendor.
- The CIM provider is disabled - see this VMware knowledge base article.
Some of the VMware datasources are capable of pulling in vSphere tags as instance properties. This is optional and can be enabled by setting a device property named esx.tags to true. Currently the tag integration only works on datasources applied to vCenter devices. Datasources that support this functionality currently are:
The tags will show up as instance level properties on your VM instances, with the following format: auto.tag_category = tag
We recently refreshed our VMware monitoring. The new LogicModules give you greater insight into your environment while taking advantage of newer features like Instance Level Properties and LM Config. You can get the new monitoring by updating from the repository. The new modules use the same properties for authentication, so if you already have the old ones setup, the new ones should start collecting right away. Once you're sure the new ones are applied and working, we recommend disabling alerting and collection on the old one so that you can keep your historical data without getting duplicate alerts. For your convenience, we've provided a list of the old datasources along with their new equivalents:
- Large queries to clusters may place an excessive load on internal DB, resulting in data collection issues. To remedy such issues, please follow the recommendations on this article: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2107096
- You must ensure your vCenter server is sized appropriately for the numbers of hosts and VMs it is managing. See VMware's documentation for size requirements. (Note that the vCenter database requirements must be added to the vCenter server requirements if they are on the same machine.) If you are using vCenter 5.5 or lower, it is also often necessary to tune the vCenter memory configuration, as documented in VMware's knowledgebase here and here. (vCenter 6 will dynamically adjust the memory allocation to the services if the VM running vCenter is allocated more memory and rebooted.) If vCenter does not have enough resources, it may refuse some connections to the API (HTTPS) port (easily seen in the HTTPS- datasource in LogicMonitor), or it may report a value of "-1" to some performance queries. Both of these situations will cause gaps in graphs. This is not an issue with LogicMonitor.
- If your vCenter 5-minute Statistics Collection Level is set to "Level 1" some datapoints for Resource Pool may not return data. In order to access all of the necessary counters monitored, you will need to set your vCenter Statistics Collection Level to "Level 2." This can be done within your vSphere Web Client by navigating to "Hosts and Clusters" and selecting your vCenter instance. Go to the "Manage" tab, select "Settings" and then "Edit." Change the "5 minutes" interval to Level 2.
If you are using a proxy for your collector access, then you will need to exclude these hosts from being proxied by your collector or the collector will not be able to access the VMware API.
To do so, you will need to modify your collector's "agent.conf" file and find and edit the "proxy.exclude" configuration option to reflect these hosts.
To do this from the LogicMonitor UI, please select the Restart Collector option. In the window that appears, in the "Collector Config" tab, click on the "Override agent.conf" checkbox and then identify the "proxy.exclude" configuration option and change this to:
With the hostnames representing the IPs/hostnames for the various ESXi or vCenter hosts that have been added into LogicMonitor and are being monitored by this collector. (If you are using a backup collector you will additionally want to make these same adjustments on this collector as well.)
Once you hit "Submit", this will then restart the collector. Afterwards, run Active Discovery manually on your device(s) and the ESX datasources should then appear.
** If you are still having trouble and your ESXi/vCenter device has been added in via its hostname, then please edit the device to use its IP instead and repeat these steps if needed.
Once discovered, VMware monitoring will not be automatically removed from a device, in order to prevent the loss of data due to a temporary failure. If you have removed vCenter from a windows server, or otherwise wish to remove VMware monitoring from a device in LogicMonitor, there are two options:
- delete the device, and re-add it. Only the currently running services will be discovered, but you will lose all history about the device.
- use a debug command on the collector to remove the specific property that associates the vmware datasources. This will leave non-vmware data unaffected. e.g. for a device named "2012c" you could remove the property by running the following command on the responsible collector:
!hostproperty action=del host=2012c property=virtualization