VMware vRealize Log Insight 4.5

Log Insight 4.5, available 2017-06-13.

New server features:

  • Added API to query alert execution and notification history
  • Added ability to specify basic authentication for webhooks
  • New product configuration APIs added
  • The source field is maintained when forwarding from vRealize Log Insight forwarder to a vRealize Log Insight server
  • Hosts on the /admin/hosts page can now be exported
  • Support for external load balancers has been deprecated
  • VMware Identity Manager (vIDM) is recommended for vRealize Log Insight. Native AD support is now deprecated. See the following Knowledge Base article for migration information: Article 2148976

General User Interface Items:

  • Dashboard legend mouse-over in one widget now highlights corresponding chart items across widgets
  • Added ability to show a given time across all dashboard chart widgets simultaneously
  • Separate options are available for descriptions and recommendations for user alerts
  • User alert history for aggregation queries now includes count

New agent features:

  • Added ability to send unaltered raw syslog to destination server
  • Added ability for agent syslog parser to parse structured data (SD), PRI, PROCID, and MSGID syslog fields
  • Added auto-update checkbox option on MSI user interface
  • Added support for sending logs to multiple destinations
  • Added directory wildcard support
  • Added support for Photon OS
  • Support for Ubuntu 12.04 LTS has been deprecated

And just like in previous releases, everyone with a vCenter Server license gets a free version of Log Insight. See the full list of what's new in Log Insight 4.5.

Join the VMware Log Insight Community!

Register now and vote on feature requests or propose new ones.

You'll also have access to our next Technical Preview release. Installed as a fresh deployment or on top of the latest release, this lets you preview experimental features and enhancements that may be available in a future generally-available release of Log Insight and give us feedback - what needs work, what features you’re still looking for, or what’s wonderful. Let us know!

Feature Requests

Add progress status for storage expansion

Hi. Just had to add storage to a Log Insight cluster. I guess I have not done that in a while, or at least I do not remember how long it takes. As it seems like the node is just stuck doing nothing, it would be nice if a progress bar/status could be shown on the console when storage is expanded. A plus would be if an ETA could be shown as well 🙂 The only way to see that the VM/node is not dead is to look at disk usage ...more »

Submitted by (@michaelryom)
Voting

1 vote

Content Packs

Super Pack for non-log data from Active Directory

Upon request from our security people, I have made a PowerShell module that collects non-log data from AD and pushes it as logs to the Log Insight server. This way they can have a Dashboard of data that is either not accessible from logs, or where log retrieval would mean a massive search from all data available, and thus very slow searches. I have built this in this way: 1. PowerShell scripts running as scheduled jobs ...more »

Submitted by (@ronny.berntzen)
2 comments

Voting

2 votes

Feature Requests

Generate Support Bundle for Host or Hosts from vRLI Data

Basically, the thought is that we have a UCS Blade based host go down and we've now lost our logs. But wait, we have vRLI running and it has those logs, but I don't see any way to collect a Support Bundle for the host that would include the proper log entries for a SR request with VMware. Well, I can say I want entries from this data range with the hostname of xxx, but am I sure I got what I needed? Also, when I export ...more »

Submitted by (@jlw52761)
1 comment

Voting

4 votes

Content Packs

HP OA content pack

Hi

Had an issue - created a content pack 🙂

So here it is, the HP OA content pack. All that is required is to set HP OA to send syslog to Log Insight.

It has three dashboards - Overview, Changes and Authentication.

Overview - gives you quick insight into changes and problems in your environment.

Changes - is all about changes made by humans.

Authentication - shows login attempts and failures.

Submitted by (@michaelryom)
3 comments

Voting

3 votes

Feature Requests

Tamper-proof archive files

A request has been made for functionality to ensure and confirm that sealed archives are absolutely tamper-proof. This will be a key requirement of audits of the customer's Log Insight implementation, specifically as it's dealing with monitoring a PCI environment.

Submitted by (@andymartin1)
Voting

5 votes

Feature Requests

Add conf.d style configuration to liagent's config

I'm deploying systems under Ansible and each has different log directories to be pushed. And I might layer different services. Similar to /etc/rsyslog.conf and rsyslog.d, I'd like to be able to add additional configurations by just simply dropping files into a liagent.d/ directory (the path of which would be defined in the main liagent.ini). This would allow me to drop say a liagent.d/httpd.ini to grab http logs ...more »

Submitted by (@rrauenza)
2 comments

Voting

3 votes

Feature Requests

Searching from UTC time

In the UI please allow searching based on UTC time as well as client local time. Some teams work better using pure UTC time as it helps to coordinate events between systems. Currently you need to do a time translation to get the correct time.

Submitted by (@ppeterson)
Voting

2 votes

General Log Insight Q&A

STRUCTURED-DATA for non-agent messages

Ahoj there, I'm sending in messages directly to the vRLI server over udp:514. They should be perfectly RFC compatible as it works on another syslog server (non-vRLI server 😉 ). Question: I can't get vRLI to format/extract the structured data automatically. I found some docs regarding syslog structured-data extraction for the agent but nothing for non-agent messages. Isn't this implemented? As an example: 2017-08-28T09:28:55.509334+02:00 ...more »

Submitted by (@rockaut)
4 comments

Voting

1 vote

Feature Requests

Dashboard thresholds and limits

I would like two features for the dashboards. 1. A line denoting a configured threshold. 2. The ability to set a "top ten" limit on a dashboard instead of displaying all of the similar events.

Submitted by (@jbronson)
Voting

1 vote

General Log Insight Q&A

Bug - Content pack loading after uninstall

Hi

After uninstalling a content pack, Log Insight still tries to access the last used content pack, which in this case has been uninstalled. This results in Log Insight loading "forever" - at least I did not see it time out.

Workaround: close all browsers and log in again.

Submitted by (@michaelryom)
Voting

4 votes

Content Packs

Veeam B&R Content Pack Agent configuration incomplete

Veeam has issued a content pack for their popular product Veeam Backup & Replication with several dashboards and field extractions.

Still, Agent has no configuration and does not collect Veeam events.

Simple as it is, it could be useful to have Agent configuration ready here:

[winlog|Veeam_Backup]
channel=Veeam Backup

Yes, that's it :)

Should I really attach it as a separate content pack here?

Submitted by (@o.karimov)
4 comments

Voting

1 vote

Administration of Log Insight

Forwarding Windows events (UDP/TCP) always includes tags

I am forwarding Windows events collected by the LI agent from Log Insight to Splunk using the syslog protocol. The box "Forward complementary tags" is not checked, but it seems to be always on. On the receiver side I see the following additional stuff in the event: - - - [Originator@6876 eventid="326" task="General" keywords="Classic" level="Information" channel="Application" eventrecordid="2018" providername="ESENT"] Complementary ...more »

Submitted by (@tomas.baublys)
Voting

1 vote