Veeam has issued a content pack for their popular product Veeam Backup & Replication with several dashboards and field extractions.
Still, Agent has no configuration and does not collect Veeam events.
Simple as it is, it could be useful to have Agent configuration ready here:
Yes, that's it :)
Should I really attach it as a separate content pack here?
I am forwarding windows events collected by LI agent from Log Insight to Splunk using syslog protocol. , The box "Forward complementary tags" is not checked, but it seems to be always on. On the receiver side I see following additional stuff in the event: - - - [Originator@6876 eventid="326" task="General" keywords="Classic" level="Information" channel="Application" eventrecordid="2018" providername="ESENT"] Complementary ...more »
We use Log Insights to alert for Windows Event Log entries. It would be very helpful if we could select additional fields from the entries to include in the alerting.
It would be extremely helpful to have a vRO plug-in for vRLI that contains prebuilt workflows for common scenarios using the API.
In the Content Packs section for Log Insight, if you look at the Shared Content, there is a tab for Alerts, but you can't build any shared alerts. It would be really useful to be able to make user level alerts shared with everyone.
When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.
When an alert is triggered to send an email, the email has no contents that give details on the event.
For instance, we send syslog from Cisco routers and switches. We have an alert setup to show when a configuration change is made. The email shows "someone made a config change." It would be nice to include things that were in the log, username that made the change, the device/source, etc.
Currently there are only some few time ranges possible: 5 minutes, 1h, 1d, 2d and custom. With custom only possible to define a fixed range. It would be nice to have a greater range of options. I love how Graylog is managing that. You can, for instance, define "Since Midnight" and then getting all message... well you guest it... since midnight. Or "Last Week", Today, Last Month ... you get it. For starting it would be ...more »
I'd looking for more than one copy of each unit of log data in order to survive the loss of individual node, similar to splunk. Maybe this takes the form of shipping closed Cassandra buckets (although that would not provide cover for recently ingested data).
Ideally, I could use this to provide support for loss of a worker within an AZ, or even the loss of an entire region.
Log Insight's Forwarder supports Syslog and CFAPI (HTTP+JSON) today. The Forwarder should be extended with an additional serialization format, conforming to the Windows Events XML schema. Standard Windows Events' XML attributes should be reconstructed from standard Log Insight field=value pairs.
This aligns with http://loginsight.vmware.com/a/idea-v2/211076