VMware vRealize Log Insight 4.5

Log Insight 4.5, available 2017-06-13.

Download | Release Notes | Installation and Usage Videos | Support Center
 

New server features:

  • Added API to query alert execution and notification history
  • Added ability to specify basic authentication for webhooks
  • New product configuration APIs added
  • The source field is maintained when forwarding from vRealize Log Insight forwarder to a vRealize Log Insight server
  • Hosts on the /admin/hosts page can now be exported
  • Support for external load balancers has been deprecated
  • VMware Identity Manager (vIDM) is recommended for vRealize Log Insight. Native AD support is now deprecated. See the following Knowledge Base article for migration information: Article 2148976

General User Interface Items:

  • Dashboard legend mouse-over in one widget now highlights corresponding chart items across widgets
  • Added ability to show a given time across all dashboard chart widgets simultaneously
  • Separate options are available for descriptions and recommendations for user alerts
  • User alert history for aggregation queries now includes count

New agent features:

  • Added ability to send unaltered raw syslog to destination server
  • Added ability for agent syslog parser to parse structured data (SD), PRI, PROCID, and MSGID syslog fields
  • Added auto-update checkbox option on MSI user interface
  • Added support for sending logs to multiple destinations
  • Added directory wildcard support
  • Added support for Photon OS
  • Support for Ubuntu 12.04 LTS has been deprecated

And just like in previous releases, everyone with a vCenter Server license gets a free version of Log Insight. See the full list of what's new in Log Insight 4.5.

Join the VMware Log Insight Community!

Register now and vote on feature requests or propose new ones.

You'll also have access to our next Technical Preview release. Installed as a fresh deployment or on top of the latest release, this lets you preview experimental features and enhancements that may be available in a future generally-available release of Log Insight and give us feedback - what needs work, what features you’re still looking for, or what’s wonderful. Let us know!

Feature Requests

Lightweight Forwarder for Edge Compute

For Edge Compute platforms for one example ROBO, something VMware is publicly discussing widely we need the ability to collect and send logs back to the datacentre.. Normally in these environments compute and storage space is a minimum, so we need a forwarder that is very lightweight in its install. Maybe even deployable as a container. The LI Forwarder would be good due to the compression it uses as we also need to consider ...more »

Submitted by (@nvenablesvmware.com)

Voting

3 votes

Collection

Cisco IPS Logs - SDEE

LogInsight is gradually overtaking our SIEM tool due to it's incredible accessibility and performance - thank you, everyone, for building such an awesomely easy-to-use product. Unfortunately, one of the key metrics we'd like to be able to report on is IPS/IDS logs generated from our Cisco ASAs ( we have many, many ASAs) and at the moment the IPS logs are firing into a bit of splunk code that converts them for splunk ...more »

Submitted by (@stevebristowpaypoint.com2)

Voting

2 votes

Feature Requests

Need better auditing of user activities

I have a user that changed or deleted a user alert. Well, I now have another user asking "who" made the change. I would like to see better auditing capabilities in Log Insight. I am looking for an auditing of the following types of changes: 1) Login and logout * This appears to be in the ui_runtime.log, but the data isn't exposed in the UI. 2) User alert creation, deletion, or modification via the UI or API. * We ...more »

Submitted by (@leroy.isaacpnc.com)

Voting

6 votes

Feature Requests

vRLI - Catalog Requests - needs "AND" "OR" Dashboard Query abilities

I need data from log entries in both "cafe: catalog" AND "cafe: composition-service". The Dashboard I am trying to create will have a table with the following fields and can't do that without this future feature: vmw_vra_request_num, Extracted field LongReqNum, Tenant, Extracted field Tenant Name, Extracted Field SettingRequestAs, vmw_vra_cat_item_name, vmw-vra_req_service, vmw_vra_requested_for_user Date Entered: 1/25/2018 ...more »

Submitted by (@lorimthompsonoptum.com)

Voting

9 votes

Feature Requests

Full Configuration API

It appears that there has been a start to get some configuration options added to the API. I hope we can get to a point where everything available in the Administration section of the Log Insight appliance becomes available via the API. My most immediate need is user management -- IE, the ability to add a user from AD to LI and, while being added, assign a role(s) to that user. I've already figured out how to do this ...more »

Submitted by (@burkevmware.com)

Voting

3 votes

Feature Requests

Get support from EMC Common Event Enabler

We are sending audit protocol information from our EMC Isilon using syslog to Log insight but there is a massive delay in between the time it writes to the raw log and the time it has been consumed into the sylog partition. We have been told by EMC that the sheer number of events is what is responsible for this delay and that syslog is not really a performance tool for capturing audit protocol information and to use the ...more »

Submitted by (@richard.haroldclosebrothers.com)

Voting

1 vote

Feature Requests

Export Event Results to VMware support

In customer's environment, all logs are usually collected by VMware LogInsight. Because all logs are in the centralized location would be good if there is a way how to automatically send them to VMware support (GSS). We currently have in LogInsight export event results feature (see attached picture) with two options: 1) Export Event Results 2) Export Chart Data This feature allows us to EXPORT logs (TXT / JSON / ...more »

Submitted by (@jbartisekvmware.com1)

Voting

27 votes

Content Packs

Bug in vsphere content pack - count of vcenter servers

In the vsphere content pack, there is a pane under vcenter server overview where it Counts "vcenter servers integrated". This Count is very wrong, as it Counts occurences of the Word vcenter-server (despite showing it should Count Sources) instead of unique hostnames. In my installation it therefore shows 71 vcenters, instead of the 4 it should be. The reason is that the loginsight also receives logs regarding DRS rules, ...more »

Submitted by (@hawkienorwayhotmail.com1)

Voting

7 votes

Administration of Log Insight

Request for variable retention

IHAC customer (CBA) that needs to retain up to 3 months of data in vRLI. Unfortunately, my customer's vRLI setup is now only retaining 7-8 days of data (its slowly been dropping with the migrations)… this is all due to the volume of DFW (NSX) logs… The customer has discussed dropping all accepted/allowed but customer security policy informed the customer that it wouldn't be allowed to do so. The customer has queried ...more »

Submitted by (@ssiddiquivmware.com2)

Voting

4 votes