Things have improved over time and I have noted the previous feature request (http://loginsight.vmware.com/a/idea-v2/8395) however it is very difficult to manage the status of the endpoints for both agents and syslog hosts. This is important both from an operational and security point of view. Some features which would help a great deal are:-
- Ability to purge the "host" page
- Add last active (or last received event) to hosts page
- Ability to export the "host" page to csv
- Ability to export the "Agents" page to csv
- Ability to share the forwarder cluster agent status to "log retention" clusters. Forwarders have this information, but this information cannot be viewed on the destination log insight clusters (what we call log retention cluster)
- Ability to trigger alerts when agents or hosts become disconnected or last active >Xmins.
I think there is actually a wider discussion to be had on the management of syslog hosts, agents and content packs but I won't push my luck at the moment :)
Voting on Ideas
Vote for your favorite ideas by clicking on the up arrow.To undo an upvote, simply click the arrow again. This second click removes your vote.