Administration of Log Insight

Initial deployment, user/group identity sync, backups, capacity changes, upgrades.

Administration of Log Insight

Customize fields in the alert.log file

I have Log Insight version 4.3 installed, and I would like the capability of limiting who can schedule a query or search. I know there isn't a capability in Log Insight for this feature (yet). I know that version 2.0 introduced an alert.log file. I have a script that stays in memory. The script reads the alert.log file. If a new line is found, then the script will parse the current line and send data (syslog or snmp) ...more »

Submitted by (@leroyisaac)
Add your comment

Voting

1 vote

Administration of Log Insight

Forwarding windows events (UDP/TCP) always includes tags

I am forwarding windows events collected by LI agent from Log Insight to Splunk using syslog protocol. , The box "Forward complementary tags" is not checked, but it seems to be always on. On the receiver side I see following additional stuff in the event: - - - [Originator@6876 eventid="326" task="General" keywords="Classic" level="Information" channel="Application" eventrecordid="2018" providername="ESENT"] Complementary ...more »

Submitted by (@tomas.baublys)
Add your comment

Voting

1 vote

Administration of Log Insight

Forwarder produce events in the Windows Event XML format

Log Insight's Forwarder supports Syslog and CFAPI (HTTP+JSON) today. The Forwarder should be extended with an additional serialization format, conforming to the Windows Events XML schema. Standard Windows Events' XML attributes should be reconstructed from standard Log Insight field=value pairs.

 

This aligns with http://loginsight.vmware.com/a/idea-v2/211076

Submitted by (@acastonguayvmware.com1)
Add your comment

Voting

1 vote

Administration of Log Insight

Show log insight logs in log insight

Allow log insight to analyze internal (linux and application) logs in the same instance. Currently it is not supported to redirect log insight logs to itself.

Submitted by (@tomas.baublys)
Add your comment

Voting

16 votes

Administration of Log Insight

Active user list in administration view and log

Customer would like to see the list of users logged in currently and the log of user log-ins and past activities. This may be required as auditing feature (who looked at the logs, changed config and so on).

Submitted by (@tomas.baublys)
Add your comment

Voting

13 votes

Administration of Log Insight

display Log retention and disk consumption rate

It would be nice if Log Insight could display the current log retention time and disk consumption rate (x GB/day) next to the live storage statistics in the System Monitor. I know you get this info through the Admin Alert mail, but why not show it in the System Monitor?

Submitted by (@ronny.steiner)
Add your comment

Voting

10 votes

Administration of Log Insight

Tiered online, searchable data storage

When Log Insight's local capacity to store messages is exhausted, messages are archived to a remote NFS location. It would be beneficial if this flow could be tiered such that data was available online as today but moved to a slower & higher-capacity tiered disks as it ages. Consider the use-case of keeping the most recent 50GB of data on SSD, migrating it to ~5TB of slower spindles over time while keeping it searchable, ...more »

Submitted by (@acastonguayvmware.com1)
1 comment

Voting

6 votes