Administration of Log Insight

Customize fields in the alert.log file

I have Log Insight version 4.3 installed, and I would like the capability of limiting who can schedule a query or search. I know there isn't a capability in Log Insight for this feature (yet). I know that version 2.0 introduced an alert.log file. I have a script that stays in memory. The script reads the alert.log file. If a new line is found, then the script will parse the current line and send data (syslog or snmp) ...more »

Submitted by (@leroyisaac)

Voting

1 vote

Feature Requests

Log Files Monitoring

Log files that do not append do not get caught by the Log Insight Agent. If it overwrites a log file with similar contents (such as changing a number on a line), Log Insight does not detect it.

Submitted by (@jtsai.cp)

Voting

1 vote

General Log Insight Q&A

Log processing rate in vRealize Log Insight

Hi to all members. Could anyone help if we can capture the log processing rate and the log arrival rate by vRealize Insight? I am particularly interested in 1. Capturing the arrival rate of the logs to the Log Insight in events/sec or bytes/sec 2. The processing rate of the logs by Log Insight in events/sec or bytes/sec. 3. Ensure my Log Insight processing rate is higher than the arrival rate. There are statistics ...more »

Submitted by (@sreejithparakkatil)

Voting

1 vote

Feature Requests

Email Alerts - From Address

Is it possible to assign a different FROM address for different alerts I set up? I would like some email alerts to be informational and some critical, like FROM: critical@domain.com or FROM: INFO@domain.com

Submitted by (@jtsai.cp)

Voting

1 vote

Feature Requests

Ability to inject data from an external source (DB, etc.) into log streams

I've repeatedly seen a requirement to enrich log event streams within vRLI using field injection of data sourced from external data providers (fetched from database or through REST API calls). To date the only way to accomplish this is to use another 3rd party product to do the field-injection and/or field-replacement prior to ingestion by vRLI. To date, we need to implement syslog-ng on an intermediary system, leveraging ...more »

Submitted by (@mjusko)

Voting

1 vote

Collection

LI API

My customer (DaVita) is looking for a way to query LI, check when the last time it received logs from connected ESXi hosts, and if the time is greater than x, automate the restart of syslog on the host.

Additional conversation around this topic can be found here: https://vmware-com.socialcast.com/messages/36422396?ref=stream

Submitted by (@rklumph)
1 comment

Voting

1 vote

Feature Requests

Disable built in system alerts from sending emails

I would like to be able to disable default system alerts, specifically the SSL certificate handshake. I continue to receive alerts due to an "SSL handshake problem. This may be a problem with the SSL Certificate or with the Network Time Service. In order for Log Insight to accept syslog messages over SSL, a certificate that is validated by the client is required and the clocks of the systems must be in sync." I am receiving ...more »

Submitted by (@mkvanmatre)
2 comments

Voting

5 votes

Feature Requests

Add progress status for storage expansion

Hi. Just had to add storage to a Log Insight cluster. I guess I have not done that in a while, or at least I do not remember how long it takes. As it seems like the node is just stuck doing nothing, it would be nice if a progress bar/status could be shown on console when storage is expanded. A plus would be if an ETA could be shown as well 🙂 The only way to see that the VM/node is not dead is to look at disk usage ...more »

Submitted by (@michaelryom)

Voting

2 votes

Content Packs

Super Pack for non-log data from Active Directory

Upon request from our security people, I have made a PowerShell module that collects non-log data from AD and pushes it as logs to the Log Insight server. This way they can have a Dashboard of data that is either not accessible from logs, or where log retrieval would mean a massive search from all data available, and thus very slow searches. I have built this in this way: 1. PowerShell scripts running as scheduled jobs ...more »

Submitted by (@ronny.berntzen)
2 comments

Voting

3 votes

Feature Requests

Generate Support Bundle for Host or Hosts from vRLI Data

Basically, the thought is that we have a UCS Blade based host go down and we've now lost our logs. But wait, we have vRLI running and has those logs, but I don't see any way to collect a Support Bundle for the host that would include the proper log entries for a SR request with VMware. Well, I can say I want entries from this data range with the hostname of xxx, but am I sure I got what I needed? Also, when I export ...more »

Submitted by (@jlw52761)
1 comment

Voting

5 votes

Content Packs

HP OA content pack

Hi

Had an issue - created a content pack 🙂

So here it is, the HP OA content pack. All that is required is to set HP OA to send syslog to Log Insight.

It has three dashboards - Overview, Changes and Authentication.

Overview gives you quick insight to changes and problems in your environment.

Changes - is all about changes made by humans

Authentication - shows login attempts and failures

Submitted by (@michaelryom)
5 comments

Voting

3 votes

Feature Requests

Tamper-proof archive files

A request has been made for functionality to ensure and confirm that sealed archives are absolutely tamper-proof. This will be a key requirement of audits of the customer's Log Insight implementation, specifically as it's dealing with monitoring a PCI environment.

Submitted by (@andymartin1)

Voting

6 votes