VMware vRealize Log Insight 3.3

Log Insight 3.3 released 2016-03-01: Download | Documentation and Release Notes | Installation and usage videos | Support Center

New features include graduations from our Technology Preview program, like a Query API for programmatic retrieval of events, Multiple IPs in the intergrated load balancer and Webhooks for sending Alerts to other systems. And perhaps most tantalizing, everyone with a vCenter Server license gets a free version of Log Insight. See the full list of what's new in Log Insight 3.3.

 

Join the VMware Log Insight Community!

Register now and vote on feature requests, propose new ones or ask questions.

You'll also have access to our next Technical Preview release, which will be posted here as soon as we're done polishing it. Installed as a fresh deployment or on top of the latest release, this lets you preview experimental features and enhancements that may be available in a future generally-available release of Log Insight and give us feedback - what needs work, what features you’re still looking for, or what’s wonderful. Let us know!

Feature Requests

Fail to add IPv6 Virtual IP

I've deployed a IPv6-only 3.3.1 loginsight, and wanted to add a virtual IP. The DNS-registration is correct from FQDN to IP-address that I try to add (and the reverse). I've also checked via shell access on the loginsight vapp.

 

There is only one vapp in the cluster, but I guess that is not relevant.

Submitted by

Type : Bug

Feature Requests

Widget to dynamically alter other widgets

It would be nice to be able to add a widget that has the power to update other widgets on the same dashboard. The use case would be for widgets that are aggregating data from many hosts, and you want to quickly add a filter to all of them to see the scope narrowed to a single host or tag value. This would be of particular benefit for helping search through log bundles uploaded from the import tool, as user-specified ...more »

Submitted by

Type : New Feature

General Log Insight Q&A

Error configuring LI integration in vRO 7.0.1

Not sure if this belongs here, but wanted to post it for the LI folks' eyes before declaring it a bug. Basically, when trying to configure LI integration from vRO 7.0.1 via the Control Center, we get an "HTTP Status 500 - Failed to edit Log Insight Agent configuration file!" error message. Logs aren't particularly helpful and mention this message in /var/log/messages. It seems to happen regardless of the auth type (vRA ...more »

Submitted by

Type : Bug

Feature Requests

translation tables

Currently data is shown as is. Some data is not that easily referable to a given protocol or event for that matter. I suggest a way to create "translation tables" such as key=pair values in order to add value to the logs for extracted fields. Examples: portnumber: 69 would have a key pair called 69=TFTP in a portnumber translation table assigned to the specific extracted field. or H:0x7 D:0x0 P:0x0 Possible sense data: ...more »

Submitted by

Type : New Feature

Feature Requests

FR: Add ability to tag data

Add ability to tag any data in search results. For example, NAA. addresses could be right clicked on in results and tagged with the name of the datastore. Consequently, any time that NAA address appears in results it would display as the tagged name. It would be idea if tagged data was highlighted or in a different color so you know that it is a tag. Hovering over the tag would show the underlying value.

Submitted by

Type : New Feature

Feature Requests

Handling mathematical operation in Log Insight

As per RFC5424 standard, we need handling mathematical operation logic to find the Facility and Severity values from Priority value as per below calculation. Priority = Facility*8 + Severity. For example, below is one of the RFC5424 Standard syslog message SYSLOG: <14>1 1970-01-01T00:01:24.143Z - ICX7250-Router - msgId [meta sequenceId=10] BOMSystem: Interface ethernet 1/2/2, state up Here value(14) between angular ...more »

Submitted by

Type : New Feature

Feature Requests

PRTG WebHook Support

At the moment WebHooks are very Static regarding output format.

That is a problem if you have a monitoring Solution that is also very static by receiving WebHooks:

 

PRTG Only excepts this syntax

 

https://fqnd:5050/loginsight?content=XML String with fixed Syntax

 

https://www.paessler.com/manuals/prtg/http_push_data_advanced_sensor

 

Is there a way to integrate a WebHook Syntax Builder?

Submitted by

Type : Enhancement

Feature Requests

Schedule alerting for certain day times

Some alerts should be only active during certain times:

for example admin log in should not be alerted during working hours, but is worth alerting in the middle of the night. Same may apply to certain configuration changes (VM configuration changed outside normal working hours).

Submitted by

Type : Enhancement

Feature Requests

Enable parser selection and configuration on server or forwarder

Use case:

1) There is no way to use an agent and logs are not getting properly parsed on the server

2) Agent is installed, but administrator prefer not to risk any additional load on the source system caused by agent-side parsing

 

Solution: configure parsing (analogue to agent-side parsing) on the server or dedicated forwarder

Submitted by

Type : New Feature

Feature Requests

Enable Log Insight to use Hadoop Cluster with mapreduce for better search performane

Maybe it's on the Roadmap of Log Insight, i don't know, but it would maybe a good Idea to use the mapreduce technology of a hadoop cluster for log insight (vSphere Big Data Extentions?). This allows a better scale of the Log Insight's Database with a really fast search engine with the extreme fast distributed search technology of mapreduce.

Submitted by

Type : New Feature

Feature Requests

Feature Request - Using Log Insight as a Forwarder and retaining source IP

We are using a third party SIEM. Due to the layout of the network and security requirements, we can only use log insight if it can forward all syslog and event log data to our SIEM. The problem is that the SIEM relies on the source IP of the system that generated the syslog data to be able to do its analytics. It creates a log source for each new syslog packet with a distinct IP address. We would like to use Log Insight, ...more »

Submitted by

Type : New Feature

Displaying 1 - 20 of 203 Discussions