Content Packs

Content Packs are source-centric interpretations that help you make sense of your unstructured machine data.


Super Pack for non-log data from Active Directory

Upon request from our security people, I have made a PowerShell module that collects non-log data from AD and pushes it as logs to the Log Insight server. This way they can have a dashboard of data that is either not accessible from logs, or where log retrieval would mean a massive search across all available data, and thus very slow searches. I have built it this way: 1. PowerShell scripts running as scheduled jobs ...more »

Submitted by (@ronny.berntzen)
2 comments

Voting

3 votes

Content Packs

HP OA content pack

Hi

Had an issue - created a content pack 🙂

So here it is, the HP OA content pack. All that is required is to set HP OA to send syslog to Log Insight.

It has three dashboards - Overview, Changes and Authentication.

Overview gives you quick insight into changes and problems in your environment.

Changes - is all about changes made by humans

Authentication - shows login attempts and failures

Submitted by (@michaelryom)
5 comments

Voting

3 votes

Content Packs

Veeam B&R Content Pack Agent configuration incomplete

Veeam has issued a content pack for their popular product Veeam Backup & Replication with several dashboards and field extractions.

Still, Agent has no configuration and does not collect Veeam events.

Simple as it is, it could be useful to have Agent configuration ready here:

[winlog|Veeam_Backup]
channel=Veeam Backup

Yes, that's it :)

Should I really attach it as a separate content pack here?

Submitted by (@o.karimov)
4 comments

Voting

1 vote

Content Packs

vSphere CP - [filelog|vsphere6-linux-vapi-endpoint]

The Log Path in the default Config is empty. The Logs for the vAPI Endpoint can be found in: /var/log/vmware/vapi/endpoint/

[filelog|vsphere6-linux-vapi-endpoint-Custom]
directory=/var/log/vmware/vapi/endpoint/
include=*.log*;*.txt*
exclude=wrapper.log*;*-gc.log*
event_marker=^\d
tags={"vmw_product":"vcenter"}

Submitted by (@markus.kraus)
1 comment

Voting

0 votes

Content Packs

Horizon VM to Zero Client

Trying to get Log Insight to grab the C:\ProgramData\VMware\VDM\logs\pcoip_server_2017_04_24_0000111c.txt file so that we can draw a line from a VDI session to a human on the other end of a zero client (we are a school district - kids are abusive on the equipment). There is a handy line in this file that tells me the IP of the zero client (man, DNS resolution would be nice), but I can work with this because I have my DHCP ...more »

Submitted by (@jwellner)
1 comment

Voting

0 votes

Content Packs

VMware vSphere - More FDM (HA) details

Hello,

Most HA information is at the moment focused on VM HA events. But the FDM log analysis for all the host states is also very interesting.

I created some examples for the enhancement.

Submitted by (@markus.kraus)

Voting

3 votes

Content Packs

Updating content pack resulted in removing all dashboards.

LI version: 3.6

After upgrading the content pack on Log Insight 3.6 from 3.6 to 4.0, the result is that all dashboards were removed / disappeared.

Is this because the 4.0 CP should be run only on LI 4.0 and higher?

Is there a way to recover the previous dashboard configuration?

Submitted by (@dinozoricic)
1 comment

Voting

0 votes

Content Packs

Cisco MDS Content Pack

Hello, I am wondering if anyone has created or knows of a content pack for Cisco MDS switches.

Submitted by (@james.mccutcheon)
1 comment

Voting

1 vote

Content Packs

Snapshot Dashboard in vSphere Content Pack seems broken

The widget "VM Snapshots Created" in the "Virtual Machine - Snapshots" Dashboard in LI 4.0 seems to be broken. Even if taking multiple snapshots and setting the dashboard time span correctly, it stays on 0 and the other widgets on the dashboard remain empty. It seems to stem from the field 'vmw_esxi_snapshot_operation', which doesn't seem to match any of the log events that ESXi or vCenter Server generates when taking ...more »

Submitted by (@anders.o)
4 comments

Voting

2 votes

Content Packs

Exchange content pack

Debug the PowerShell script

How can I debug the "Exchange environment" script? I can run it, but it cannot produce the output file.

Submitted by (@syu000)
5 comments

Voting

0 votes

Content Packs

Geomap for NSX Firewall Dashboard

It would be really nice to have geographic pinning similar to a lot of firewall tools and SIEM systems, where each outgoing IP address is pinned to a global map to give an overview of where the traffic is going.

Submitted by (@jtsai.cp)

Voting

1 vote

Content Packs

vra7 setup instructions - Apache CLF

Setup instructions for VRA7 content pack specifies the following:

In addition to installing and configuring the vRA content pack, the following content packs should also be installed and configured:

• Apache - CLF
• vRealize Orchestrator

I am trying to figure out how the content pack "Apache - CLF" should be used for VRA7? For filters to select which agents receive the Agent Configuration below, which VRA server ...more »

Submitted by (@jstander)
1 comment

Voting

0 votes