Microsoft (until recently) has not natively supported syslog. Event viewer's native format is XML. While the LI agent can collect event viewer logs, it formats them in a proprietary way. It would be ideal to collect in a standard format so when forwarding such events to a third party syslog destination (e.g. SIEM) the third party could properly parse it (without a custom parser). XML is that standard for Microsoft. ...more »
It would be great if we could use variable (for example $HOSTNAME) and other environment settings in the liagent.ini file. We would be able to use variables for tagging or log file locations.
This would allow to refine configurations and use the same file on a number of systems.
Hi! we use puppet to configure our systems. sometimes loginsight module is loaded before the component it is going to monitor, springtc for example. the liagent.ini has a path to springtc logs directory, but since it is not built yet - loginsight gets an error and marks it dormant...
we need a “retry” option for each channel – if path does not exists loginsight agent should retry without requiring a restart.
The agent should support globs (asterisk and wildcard) for folders. THe use case is IIS where multiple domains exist on the same server. Something like this
So then I could make one that does them all type thing.
Globs are supported for files so this is an inconsistency in the product as well.