Log files that do not append does not get caught by Log Insight Agent. If it overwrites a log file with similar contents (such as change a number on a line), Log Insight does not detect it.
Let us know what will make Log Insight even better! Add new ideas & vote on other feature ideas to let us know what's important to you.
Is it possible to assign different FROM address for different alerts I setup? I would like some email alerts to be information and some critical like FROM: email@example.com or FROM: INFO@domain.com
I've repeatedly seen a requirement to enrich log event streams within vRLI using field injection of data sourced from external data providers (fetched from database or through REST API calls). To-date the only way to accomplish this is to use another 3rd party product to do the field-injection and/or field-replacement prior to ingestion by vRLI. To-date, we need to implement syslog-ng on an intermediary system, leveraging ...more »
I would like to be able to disable default system alerts, specifically the SSL certificate handshake. I continue to receive alerts due to a an "SSL handshake problem. This may be a problem with the SSL Certificate or with the Network Time Service. In order for Log Insight to accept syslog messages over SSL, a certificate that is validated by the client is required and the clocks of the systems must be in sync." I am receiving ...more »
Hi Just had to had storage to a Log Insight cluster. I guess I have not do that in a while or atleast I do not remember how long it takes. As it seems like the node is just stuck doing nothing it would be nice if a progress bar/status could be shown on console when storage is expanded. A plus would be is an ETA could be shown as well 🙂 the only way to see that the VM/node is not dead is to look at disk usage ...more »
Basically, the thought is that we have a UCS Blade based host go down and we've now lost our logs. But wait, we have vRLI running and has those logs, but I don't see anyway to collect a Support Bundle for the host that would include the proper log entries for a SR request with VMware. Well, I can say I want entries from this data range with the hostname of xxx, but am I sure I got what I needed? Also, when I export ...more »
A request has been made for functionality to ensure and confirm that sealed archives are absolutely tamper-proof. This will be a key requirement of audits of the customer's Log Insight implementation, specifically as it's dealing with monitoring a PCI environment.
I'm deploying systems under ansible and each has different log directories to be pushed. And I might layer different services. Similar to see /etc/rsyslog.conf and rsyslog.d, I'd like to be able to add additional configurations by just simply dropping files into a liagent.d/ directory (the path of which would be defined in the main liagent.ini) This would allow me to drop say a liagent.d/httpd.ini to grab http logs ...more »
In the UI please allow searching based on UTC time as well as client local time. Some teams work better using pure UTC time as it help to coordinate events between systems. Currently you need to do a time translation to get the correct time.
I would like two features for the dashboards. 1. A line denoting a configured threshold. 2. The ability to set a "top ten" limit on a dashboard instead of displaying all of the similar events.
We use Log Insights to alert for Windows Event Log entries. It would be very helpful if we could select additional fields from the entries to include in the alerting.