General Log Insight Q&A

Have a small secure downloader

Have a small download, less than 50MB, which then downloads the OVA/OVF in a reliable, restartable fashion.

Submitted by (@broth0)

Voting

-3 votes

General Log Insight Q&A

Help with Solaris 10 syslog

Has anyone had any luck with getting a Solaris 10 server to send syslog into LogInsight?

I've tried:

*.debug @IPADDRESS

and other variations in the /etc/syslog.conf

Then restarting or refreshing via:

svcadm refresh svc:/system/system-log:default

svcadm restart system/system-log

But nothing seems to work. Any thought/help would be great.

Submitted by (@erikkringlie)

Voting

0 votes

General Log Insight Q&A

Authentication Bug?

When user's UPN domain suffix is different than that of defined 'default domain'.

Submitted by (@k.nakagaki)

Voting

0 votes

General Log Insight Q&A

Custom field

Hello,

I'm trying to create a custom field for the following text:

Remote Desktop Services: User authentication succeeded:

User: NAME

Domain: itctest

Source Network Address: IP

The user can sometimes be empty.

I have created the field username

custom regex: \S*

Context:

User:

\n

How I see in the events that it highlights everything correctly, but when I save the custom field I don't see it in my fields pane.

Submitted by (@hans.de.jongh)

Voting

2 votes

General Log Insight Q&A

Triple counting OSIs

Using a single instance of LI 2.0 (2.0.3-1879692) with a 500 OSI license installed. The only systems sending logs to LI currently are 16 ESXi hosts and 1 vCenter. LI license usage reports between 61-64 OSIs consumed (it varies a little bit day to day). When I "run a query of IA for unique count of hostname over time grouped by hostname" (thanks Steve!) it shows the correct hosts sending syslog data, but each one appears ...

Submitted by (@jirahcox)

Voting

0 votes

General Log Insight Q&A

Create Alert from query which results in one event only

Currently log-insight does not have an option to raise an alert when it matches an exact number of events in the query. This is especially required when I try to search for a unique error and want to send an email when it logs and the count =1.

Submitted by (@charankumar.naik)

Voting

0 votes

General Log Insight Q&A

Event Forwarding Filter

Hi, is it possible to create custom filters for event forwarding? We would like to use IP Address or possibly other variables?

Thanks

Submitted by (@hywelburris)

Voting

1 vote

General Log Insight Q&A

Custom Certificates requirements for Log Insight

Could somebody tell me whether Log Insight 2.5 or 3.0 will work with a certificate using key size 4096? The admin guides only mention 2048 but I was wondering if other values could be used?

Submitted by (@mark.salter)

Voting

0 votes

General Log Insight Q&A

Clustersizing

Hello, I just found out that I have created an unsupported configuration. I just added more and more disks and now have 4,4TB diskspace added to my stand alone server. So I have to create a cluster. When I deploy the ovf it says: "For Log Insight Clusters medium and large sized nodes should be used" As 3 nodes is the minimum this would mean 3*8vCPU's + 3x 16GB memory. My standalone host only uses 4 cpu's and 8GB memory. ...

Submitted by (@hans.de.jongh)

Voting

0 votes

General Log Insight Q&A

Support german language for content packs

I would appreciate support for the content packs for German language, e.g. for German vCenter systems or German Windows systems.

Currently my Windows machines (even Active Directory) are [sadly] running with German language and it's not that easy to switch the system language on domain controllers afterwards.

Submitted by (@pkernstock)

Voting

6 votes

General Log Insight Q&A

vcenter vpxd logs

Hi, I am searching through the logs in interactive analysis looking for a specific message that appears in a vpxd-822.log file for vcenter 5.5 installed on Windows. The entry I am looking for is: 2015-11-18T06:50:38.756Z [07920 info 'vpxdvpxdInvtHostCnx' opID=SWI-43915657] [VpxdIntHost] Missed 2 heartbeats for host myhostname. My Log Insight version is Version 3.0.0-3021606 Question: are the vpxd logs from vcenter ...

Submitted by (@noel.john.o.meara)

Voting

2 votes

General Log Insight Q&A

What agent do you use on Linux?

Would be really interested to know which agent you use on Linux servers, as I am in a debate with security team regarding whether to use the LI agent or the syslog daemon on the redhat servers. In my mind the main pros for each are:- Syslog daemon - multiple destinations (this may become a requirement) - nothing to maintain outside of base OS, i.e. not 3rd party software Log Insight - cfapi support - centralised configuration ...

Submitted by (@hywelburris)

Voting

1 vote