VMware vRealize Log Insight 4.5

Log Insight 4.5, available 2017-06-13.

Download | Release Notes | Installation and Usage Videos | Support Center

New server features:

  • Added API to query alert execution and notification history
  • Added ability to specify basic authentication for webhooks
  • New product configuration APIs added
  • The source field is maintained when forwarding from vRealize Log Insight forwarder to a vRealize Log Insight server
  • Hosts on the /admin/hosts page can now be exported
  • Support for external load balancers has been deprecated
  • VMware Identity Manager (vIDM) is recommended for vRealize Log Insight. Native AD support is now deprecated. See the following Knowledge Base article for migration information: Article 2148976

General User Interface Items:

  • Dashboard legend mouse-over in one widget now highlights corresponding chart items across widgets
  • Added ability to show a given time across all dashboard chart widgets simultaneously
  • Separate options are available for descriptions and recommendations for user alerts
  • User alert history for aggregation queries now includes count

New agent features:

  • Added ability to send unaltered raw syslog to destination server
  • Added ability for agent syslog parser to parse structured data (SD), PRI, PROCID, and MSGID syslog fields
  • Added auto-update checkbox option on MSI user interface
  • Added support for sending logs to multiple destinations
  • Added directory wildcard support
  • Added support for Photon OS
  • Support for Ubuntu 12.04 LTS has been deprecated

And just like in previous releases, everyone with a vCenter Server license gets a free version of Log Insight. See the full list of what's new in Log Insight 4.5.

Join the VMware Log Insight Community!

Register now and vote on feature requests or propose new ones.

You'll also have access to our next Technical Preview release. Installed as a fresh deployment or on top of the latest release, this lets you preview experimental features and enhancements that may be available in a future generally-available release of Log Insight and give us feedback - what needs work, what features you’re still looking for, or what’s wonderful. Let us know!

General Log Insight Q&A

Vulnerability triggering from Log Insight Server

One of my clients have raised the below vulnerability for LI.

Exploit CVE ID: "CVE:2009-1016"

Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS.

The Client has observed suspicious traffic from log insight server on port 443.

Any Information on how to remediate... more »

Feature Requests

valid characters in email

An email address containing an ampersand (&) character was not allowed when configuring an alarm in Log Insight. Ampersand is among the valid special characters for the "local" portion of an email address, per RFC5322. In fact, MOST of the special characters allowed in the local-portion by RFC5322 are not considered valid in the Log Insight alarms. Please correct the defect in Log Insight that is preventing use of... more »

Feature Requests

Lock widget to time frame

I would really like to Lock a Dashboard widget to a specific time frame. For example if i make a datacollection for data just within an hour or pr 6 hours, the data could be false if someone use it With another timespan. So i would like to be able to Lock a Dashboard widget to a timeframe, like 1 hour, 3 hours, 6 hours or 24 hours. This way it would be much easier to make custom widgets With events in different timespans... more »

General Log Insight Q&A

syslog timestamp not working


I have the below three syslog entries. As it can be seen the timestamp from LI (the first one), does not match the one from the syslog msg. (This also affects the sort order in Log Insight. Making it hard to troubleshoot) Why?

I'm think it might be at the source the problem is, but I cannot see what you be wrong with this syslog msg.

2018-04-25 10:28:26 Passwordstate: Password... more »

Feature Requests

Highlight/Colour dashboard based on widget states / highlights

When highlighting/colouring a widget is accepted as an enhancement, the next logical step would be to allow the same on dashbooard level. It would be brilliant if not only the fact that one widget changed state drives the dashboard state. You can define a logical rule how their state will be taken into account to drive the change.
E.g. Dashboard changes state/colour when all 3 widgets change state (widget1 & widget2 &... more »

Feature Requests

Highlight/Colour widgets based on reaching certain limit/value shown

To notify someone visually when a certain/critical situation has been identified, it would be brilliant if you can highlight/colour a widget so you get the proper attention. E.g. host disconnections have been found the information mentions this is something you should investigate. How about defining there is a certain number of messages found and the widget switches it's colour to yellow/red?