The Pure Storage Content Pack 1.0 for VMware vCenter Log Insight

The Pure Storage Content Pack for VMware vCenter Log Insight is now live on the VMware Solution Exchange! Download it today for free. As past posts have shown I have done a decent amount of work with Log Insight here at Pure and in my previous job. A product I have really liked from VMware for a variety of reasons, a big one being that it is so very easy to use. We really improved our syslog feature on the FlashArray in the 4.0 Purity release, so it was the perfect time to create our first content pack!

I did a past post on Log Insight with Pure Storage and you can find that here. It goes over how to setup syslog on the FlashArray and how to extract fields etc. But the content pack streamlines a lot of the prep work you would need to do on the Log Insight side to use it effectively. No longer need to extract common fields and the like. So if you use Log Insight grab the pack! Will save you a lot of work. The content pack essentially provides intelligence to Log Insight on how to interpret the fields and values in Pure syslog messages and therefore allows the user to quickly leverage Log Insight to dissect our messages.

The Pure Storage Content Pack supports:

• Log Insight 2.0
• Purity 4.0
• FA 400 Series

Yes, only supported with Purity 4.0 and later. Our syslogging was of limited use prior to 4.0 and would provide limited usefulness to Log Insight. Therefore it was not tested with the content pack and is not supported with it. I’m not saying you can’t try it, we just won’t support it and most likely it would provide little or no value if Purity is lower than 4.0.

The Content Pack includes:

• Four built-in Dashboard Groups with 15 custom chart widgets
  • Overview
  • Hardware
  • FlashRecover
  • Auditing
• Twenty customized extracted fields specific to Purity syslog messages
• Five contextual email/vCOps alerts based on particular queries

While all of this is very easy to use and deploy, I did write a white paper explaining each piece and going over the quick process of installing and configuring everything. You should be able to get the content pack up and running and syslogging configured in a few minutes. The white paper can be found here:

Overview Dashboard Group:

Hardware Dashboard Group:

Replication Dashboard Group:

Auditing Dashboard Group:

The extracted fields that are built-in to the content pack are:

Extracted Field	Description
pure_alert_message	The message from a hardware issue. An example would be “Ethernet failure”.
pure_alert_severity	This is the severity of a given alert, possibilities are critical, warning or info.
pure_event_type	This is the type of message, possibilities are audit, alert or test. Audit messages are commands run by a user, alerts are typically environmental situations such as loss of power.
pure_failed_hardware	This is the specific hardware component that is experiencing trouble. The component itself may not be bad, but it could be an unplugged cable leading to it or something similar. An example would be “SH0.PWR0”, which would be SSD Shelf 0 Power Supply 0.
pure_array_name	The name of the source array for a given message.
pure_purity_version	Version of Purity running on the source array. Note that this will not be included in all syslog messages. An example would be “4.0.0”.
pure_hgroup_name	The name of a host group involved in the syslog message describing a configuration change of a host group such as adding a host or connecting a volume.
pure_hgroup_operations	The specific command for a configuration change operation executed against a host group such as adding a host or connecting a volume.
pure_host_name	The name of a host involved in the syslog message describing a configuration change to a host such as deleting a host or connecting a volume.
pure_host_operations	The specific command for a configuration change operation executed against a host such as deleting a host or connecting a volume.
Pure_hostvol_name	The volume name involved in a host group or host group change. This is typically a connect or disconnect operation.
pure_pgroup_name	The name of a protection group involved in the syslog message describing a configuration change of a protection group such as creation or replicate now.
pure_pgroup_operations	The specific command for a configuration change operation executed against a protection group such as changing a replication scheme or deletion of a group.
pure_setattr_operations	Most Purity CLI commands have a command option called setattr that changes advanced the configuration of a given object. This describes the parameter that precedes any use setattr.
pure_user_name	For any user-initiated operation this field describes the user who executed the command.
pure_vol_name	The name of the volume in any volume management operation.
pure_vol_operations	The command parameter that follows any “purevol” command, such as delete, create or eradicate.
pure_percent_full	When the FlashArray begins to exhaust its physical capacity it will syslog a warning with a percent full number. This is typically only reported via syslog when it is at 80% and above.
pure_admin_operations	The command parameter that follows any “pureadmin” command, such as delete, create or list.
pure_cli_command	The Purity CLI base command that was used in a given operation. This would be purevol, purehgroup etc.

These extracted fields will allow a user to very easily query our messages and relate them to other events or simply sort and filter our own. Check the white paper for examples on how to do this.

Finally there are the five alerts. These alerts are not enabled by default–you must enable them yourself and decide how often they should alert you and on what interval they should be checking for events.

Pure Storage Critical Failure Alert— A component or cable has failed and could lead to data unavailability if not resolved as soon as possible. While all parts are redundant and the array itself can handle multiple SSD failures it is important to resolve any issue immediately. Contact your Pure Storage support team (if they have not already contacted you) to replace or repair the part.

Pure Storage FlashArray Capacity Utilization Warning–– Your FlashArray has reached high levels of capacity utilization. Consider adding additional capacity as soon as possible.

Pure Storage Volume Destruction Alert–A volume has been destroyed (deleted) on a Pure Storage FlashArray. By default, volume data is preserved for 24 hours following a destroy operation. If this volume should not have been deleted, log into the Pure GUI or CLI and use the purevol recover operation to reclaim the volume. Otherwise this volume will be permanently destroyed in 24 hours (or sooner if a manual eradicate operation is executed).

Pure Storage Component Failure Alert–A specific component or cable has failed and could lead to data unavailability if not resolved as soon as possible. While all parts are redundant and the array itself can handle multiple SSD failures it is important to resolve any issue immediately. Contact your Pure Storage support team (if they have not already contacted you) to replace or repair the part.

Pure Storage Power Failure Alert–A power component or cable has failed and could lead to data unavailability if not resolved as soon as possible. While all power components are redundant it is important to resolve any issue immediately. This failure could be due to power supply failure, an unplugged or damaged power cord or loss of general power. Contact your Pure Storage support team (if they have not already contacted you) to resolve the issue.

For more information check out the white paper (configuration is a breeze)! Please let me know what you think of it. How it can be improved, changed etc.