Campaign: Content Packs

Windows Firewall Advanced Content Pack

Extract more Details from Windows Firewall File-Log

(ContentPack is attached)


- Blocked Connections by Source IP

- Blocked Connections by Destination IP

- Blocked Connections by Source Port

- Blocked Connections by Destination Port

- Blocked Connections by Protocol

- Blocked Connections by Hostname

- Disabled / Enabled Firewall

Submitted by (@markus.kraus)

Voting

8 votes

Campaign: Collection

Blacklisting/Discarding Events

From time to time there are occasions where I really would hope that blacklisting/discarding events is implemented in vRLI. For example, we currently are flooded with log entries from our 5.5 ESXi hosts which are coming from a "BUG" which is to be fixed in a patch without ETA. But there would be countless other examples too. I'm aware that there are possibilities to achieve that. One is with agents, but for ESXi that ...more »

Submitted by (@rockaut)

Voting

3 votes

Campaign: Feature Requests

Log Insight Configuration Backup

Currently there is no method of backing up the Log Insight database or configuration files from the Log Insight Console. Providing a method of backing up manually, or on a scheduled time frame, would provide a benefit for off site backup, and disaster recovery solutions.

Submitted by (@patrickd)

Voting

5 votes

Campaign: Feature Requests

Alert when log source is not sending logs

Currently there is no alerting when Log Insight Master or Worker is not receiving logs/API events from its workers or agents. Part of the PCI compliance requires notification when a stoppage of logs is detected.


If this could be an alarm, or an automated email that is sent out, and have the ability to set certain thresholds (no logs within 30 minutes, 60 minutes, 3 hours, etc), that would be great.

Submitted by (@patrickd)

Voting

50 votes

Campaign: Interactive Exploration

Ability to adjust column width in field table view

Maximize effectiveness of displayed data: Allow to adjust column width in field table view

Submitted by (@ray.olander)

Voting

4 votes

Campaign: Interactive Exploration

Allow user-specified # of lines to be displayed on IA

Allow user-specified # of lines to display on screen (rather than forcing 50 as a limit).

Submitted by (@steveflanders)

Voting

2 votes

Campaign: Interactive Exploration

Ability to view logs in specified timezone

Currently, the Log Insight virtual appliance is set to UTC time, but when querying logs through the HTML 5 interface the logs are always shown in the local time of the browser. This issue becomes for environments where all monitoring devices are set to UTC and the browser accessing Log Insight is not in UTC. In this case, the Log Insight monitoring tool will be out of sync with the other monitoring tools in the environment ...more »

Submitted by (@steveflanders)

Voting

8 votes

Campaign: Interactive Exploration

Customize Legend for charts

When you create a chart as a count of events over time grouped by event type, the output of the chart has a legend that lists the event_type, which is typically a letter and number combo, e.g. v2_4d8019f, which translates into "Lost connectivity to storage device". I think that it would be more informative if you could choose to display the actual message "Lost connectivity to storage device" rather than "v2_4d8019f" in the ...more »

Submitted by (@anthony.disalvo)

Voting

7 votes

Campaign: Feature Requests

Support globs for filelog directory option in Windows Agent

The agent should support globs (asterisk and wildcard) for folders. The use case is IIS where multiple domains exist on the same server. Something like this:


directory= E:\sitecoredata\*\Data\logs

include=log*.txt

So then I could make one configuration that does them all.


Globs are supported for files so this is an inconsistency in the product as well.

Submitted by (@jacob.curran)

Voting

26 votes

Campaign: Feature Requests

Log Insight Agent - send logs to multiple different destinations

Initial use-case: Our team supports the Operating System, while the Application Team supports their application. The Application Team already has their own Log Insight cluster setup to collect their application logs with the LI Agent. Because of this, we are unable to use the LI Agent to collect the Operating System logs. Ideally we would like to be able to send OS logs to our LI, and application logs to their LI. Forwarding ...more »

Submitted by (@joseph)

Voting

5 votes

Campaign: Feature Requests

Feature Request - Using Log Insight as a Forwarder and retaining source IP

We are using a third-party SIEM. Due to the layout of the network and security requirements, we can only use Log Insight if it can forward all syslog and event log data to our SIEM. The problem is that the SIEM relies on the source IP of the system that generated the syslog data to be able to do its analytics. It creates a log source for each new syslog packet with a distinct IP address. We would like to use Log Insight, ...more »

Submitted by

Voting

18 votes

Campaign: Feature Requests

Authenticated webhook alerts

Today the webhooks alerting option sends an unauthenticated web POST to a URL. Enabling an authenticated post would open up the possibility to integrate directly with vRealize Orchestration (vRO), which can accept only authenticated posts.

Submitted by (@mdelatorre)

Voting

8 votes